On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments on the sanctions risks associated with facilitating ransomware payments. OFAC, with assistance from the FBI, also designated SUEX OTC, S.R.O., as a malicious cyber actor, the first such sanctions designation against a virtual currency exchange.
Continue Reading OFAC Again Says Beware of Sanctions When Making Ransomware Payments and Designates Virtual Currency Exchange as Malicious Cyber Actor

On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport launched a consultation on its proposed reforms to the UK data protection regime to reflect DCMS’s effort to deliver on Mission 2 of the National Data Strategy. The consultation will close on November 19, 2021, and CIPL will consult with members to prepare a formal response to the consultation.
Continue Reading DCMS Consults on National Data Strategy

The Centre for Information Policy Leadership at Hunton Andrews Kurth is celebrating 20 years of working with industry leaders, regulatory authorities and policymakers to develop global solutions and best practices for privacy and responsible data use. To mark this occasion, CIPL will publish a volume of short thought pieces later this year.
Continue Reading CIPL Celebrates Two Decades of Data Policy Innovation

The Belgian Council of State recently confirmed a decision of the regional Flemish Authorities to contract with an EU branch of a U.S. company using Amazon Web Services, stating that the use of U.S. cloud services in itself does not infringe on the GDPR.
Continue Reading Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers

On August 27, 2021, the Federal Data Protection and Information Commissioner announced that the new EU Standard Contractual Clauses may be relied on to legitimize transfers of personal data from Switzerland to countries without an adequate level of data protection, provided that the necessary amendments and adaptations are made for use under Swiss data protection law.
Continue Reading Swiss DPA Recognizes the New EU Standard Contractual Clauses

On September 2, 2021, Ireland’s Data Protection Commission announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation.
Continue Reading Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

On August 26, 2021, the UK Department of Culture, Media and Sport made news by publishing a document indicating its intent to begin making adequacy decisions for UK data transfers to foreign jurisdictions and by announcing its preferred candidate for the position of new UK Information Commissioner.
Continue Reading UK DCMS Identifies Priority Jurisdictions for UK Adequacy Recognition and Proposes New UK Information Commissioner