On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which provides a new framework for legal data transfers between the European Union and the United States.
Continue Reading President Biden Issues Executive Order on New EU-U.S. Data Transfer Pact
International
U.S. Department of Justice Announces U.S. – UK CLOUD Act Agreement
On October 3, 2022, the U.S. Department of Justice announced that the agreement between the U.S. Government and the UK Government on Access to Electronic Data for the Purpose of Countering Serious Crime entered force, effect the same day. …
Continue Reading U.S. Department of Justice Announces U.S. – UK CLOUD Act Agreement
European Commission Publishes Proposal for Cyber Resilience Act
On September 15, 2022, the European Commission presented its proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements. …
Continue Reading European Commission Publishes Proposal for Cyber Resilience Act
UK ICO Issues TikTok Notice of Intent with Possible £27 Million Fine for Children’s Privacy Violations
On September 26, 2022, the UK Information Commissioner’s Office confirmed in a statement that it issued TikTok Inc. and TikTok Information Technology UK Limited a notice of intent to potentially impose a £27 million fine for failing to protect children’s privacy. …
Continue Reading UK ICO Issues TikTok Notice of Intent with Possible £27 Million Fine for Children’s Privacy Violations
Danish DPA Declares Use of Google Analytics Unlawful Without Supplementary Measures
On September 21, 2022, Denmark’s data protection authority Datatilsynet announced its guidance that Google Analytics, Google’s audience measurement tool, is not compliant with the EU General Data Protection Regulation. …
Continue Reading Danish DPA Declares Use of Google Analytics Unlawful Without Supplementary Measures
Indonesia Enacts its First Data Protection Act
On September 20, 2022, Indonesia’s parliament ratified the Personal Data Protection Act. …
Continue Reading Indonesia Enacts its First Data Protection Act
Irish Data Protection Commissioner Fines Instagram for Children’s Privacy Violations
On September 5, 2022, the Irish Data Protection Commissioner imposed a €405,000,000 fine on Instagram for violations of the EU General Data Protection Regulation’s rules on the processing of children’s personal data. …
Continue Reading Irish Data Protection Commissioner Fines Instagram for Children’s Privacy Violations
Government Security Assessment on Cross-Border Transfer in China
On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).…
Continue Reading Government Security Assessment on Cross-Border Transfer in China
CNIL Proposes 60 Million Euros Fine Against French AdTech Company For Non-Compliance with GDPR
On August 5, 2022, French AdTech company Criteo announced that it had received a report from the French Data Protection Authority on August 3, 2022, claiming various infringements of the EU General Data Protection Regulation and proposing to impose 60 million euros fine against Criteo. …
Continue Reading CNIL Proposes 60 Million Euros Fine Against French AdTech Company For Non-Compliance with GDPR
Russian Federation Passes Data Protection and Information Governance Reforms
In July 2022, Maria Ostashenko from ALRUD Law Firm reports that the Russian Parliament passed, and the President of the Russian Federation signed into law, major reforms in data protection and information governance. The reforms include:
- Significant changes to Federal Law No. 152-FZ on Personal Data, including the scope of its application, new rules for