On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

On November 18, 2021, the European Data Protection Board released a statement on the Digital Services Package and Data Strategy. The Digital Services Package and Data Strategy is composed of several legislative proposals that aim to facilitate the further use and sharing of personal data between more public and private parties; support the use of specific technologies, such as Big Data and artificial intelligence; and regulate online platforms and gatekeepers.
Continue Reading EDPB Releases Statement on the Digital Services Package and Data Strategy; Calls for Ban on Targeted Ads

On November 14, 2021, the U.S. Department of the Treasury announced a bilateral cybersecurity partnership with the Israeli Ministry of Finance “to protect critical financial infrastructure and emerging technologies” and combat the use of ransomware. The initiative includes the launch of a U.S.-Israeli Task Force on Fintech Innovation and Cybersecurity (the “Task Force”), which seeks to advance the twin goals of encouraging fintech innovation while protecting against cyber threats from nation-state and criminal actors.
Continue Reading U.S. Department of the Treasury Announces Partnership with Israel to Combat Ransomware

On November 5, 2021, IAB Europe announced that, in the coming weeks, the Belgian Data Protection Authority plans to share with other data protection authorities a draft ruling on the IAB EU Transparency & Consent Framework.
Continue Reading Belgian DPA Expected to Rule that IAB Europe’s Cookie Consent Framework Violates the GDPR

On November 10, 2021, the UK Supreme Court issued its long-awaited judgment in the Lloyd v Google case. The decision is expected to make it difficult in practice for a future class action lawsuit that is brought on behalf of a class of individuals who have not actively opted in to being represented by the lead claimant to proceed under UK law.
Continue Reading Lloyd Court Says No to Class Action-Style Lawsuits in the UK

On November 8, 2021, law enforcement agencies in both the United States and European Union announced that a series of actions, including a number of arrests, were taken against the Russia-linked ransomware group, “REvil.”
Continue Reading Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies

On October 29, 2021, the Cyberspace Administration of China released for public comment Draft Measures on Security Assessment of Cross-border Data Transfer. The CAC issued the Draft Measures three days before the November 1, 2021 effective date of the Personal Information Protection Law.
Continue Reading China Issues Draft Measures on Security Assessment of Cross-border Data Transfer