On June 21, 2021, the European Data Protection Board published the final version of its recommendations on supplementary measures in the context of international transfer safeguards, such as Standard Contractual Clauses.
Continue Reading EDPB Releases Final Recommendations on Supplementary Measures for International Transfers
Information Security
China Issues Data Security Law
Posted on
After two rounds of public comments, the Data Security Law of the People’s Republic of China was formally issued on June 10, 2021, and will become effective on September 1, 2021. This blog entry provides highlights of the new law.…
Continue Reading China Issues Data Security Law
White House Issues Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries
Posted on
Posted in Information Security
On June 9, 2021, President Biden signed an Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries, which elaborates on measures to address the national emergency regarding the information technology supply chain declared in 2019 by the Trump administration in Executive Order 13873.…
Continue Reading White House Issues Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries
CCPA’s Metrics Reporting Deadline Approaching
Posted on
Posted in Information Security, U.S. State Law
July 1, 2021 marks the deadline for certain businesses to comply with the metrics reporting obligations under the California Consumer Privacy Act of 2018 regulations.…
Continue Reading CCPA’s Metrics Reporting Deadline Approaching
European Court of Human Rights Says Bulk Interception Is Not a Violation of Human Rights
Posted on
On May 25, 2021, the Grand Chamber of the European Court of Human Rights handed down its judgement in the case of Big Brother Watch and Others v. the United Kingdom, determining that the former surveillance regime in the UK violated Article 8 of the European Convention on Human Rights (i.e., the right to respect for private and family life).…
Continue Reading European Court of Human Rights Says Bulk Interception Is Not a Violation of Human Rights
CIPL Submits Comments on China’s Updated Draft Personal Information Protection Law
Posted on
The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP has submitted its response to the Standing Committee of the National People’s Congress of the People’s Republic of China on the updated version of the Draft Personal Information Protection Law.…
Continue Reading CIPL Submits Comments on China’s Updated Draft Personal Information Protection Law
EDPS Opens Investigations Following Schrems II Judgment
Posted on
Posted in European Union, Information Security
On May 27, 2021, the European Data Protection Supervisor announced that it has opened two investigations regarding (1) the use of cloud services by European Union institutions, bodies and agencies; and (2) the use of Microsoft Office 365 by the European Commission.…
Continue Reading EDPS Opens Investigations Following Schrems II Judgment
U.S. Department of Homeland Security Announces Pipeline Cybersecurity Directive
Posted on
On May 27, 2021, the U.S. Department of Homeland Security’s Transportation Security Administration announced a Security Directive that will impose new cybersecurity requirements on critical pipeline owners and operators.…
Continue Reading U.S. Department of Homeland Security Announces Pipeline Cybersecurity Directive
UK Court of Appeal Signals It Will Closely Scrutinize UK DPA Exemptions
Posted on
Posted in European Union, Information Security
On May 26, 2021, the Court of Appeal handed down its judgment in the case of R (Open Rights Group and the3million) v Secretary of State for the Home Department and Others [2021] EWCA Civ 800, finding that the UK 2018 Data Protection Act’s “immigration exemption” is unlawful.…
Continue Reading UK Court of Appeal Signals It Will Closely Scrutinize UK DPA Exemptions
Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Posted on
On May 20, 2021, the Belgian Data Protection Authority announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers, the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation.…
Continue Reading Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers