On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which provides a new framework for legal data transfers between the European Union and the United States.
Continue Reading President Biden Issues Executive Order on New EU-U.S. Data Transfer Pact

On September 26, 2022, the UK Information Commissioner’s Office confirmed in a statement that it issued TikTok Inc. and TikTok Information Technology UK Limited a notice of intent to potentially impose a £27 million fine for failing to protect children’s privacy.
Continue Reading UK ICO Issues TikTok Notice of Intent with Possible £27 Million Fine for Children’s Privacy Violations

On September 5, 2022, the Irish Data Protection Commissioner imposed a €405,000,000 fine on Instagram for violations of the EU General Data Protection Regulation’s rules on the processing of children’s personal data.
Continue Reading Irish Data Protection Commissioner Fines Instagram for Children’s Privacy Violations

On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).

Continue Reading Government Security Assessment on Cross-Border Transfer in China

On August 5, 2022, French AdTech company Criteo announced that it had received a report from the French Data Protection Authority on August 3, 2022, claiming various infringements of the EU General Data Protection Regulation and proposing to impose 60 million euros fine against Criteo.
Continue Reading CNIL Proposes 60 Million Euros Fine Against French AdTech Company For Non-Compliance with GDPR

In July 2022, Maria Ostashenko from ALRUD Law Firm reports that the Russian Parliament passed, and the President of the Russian Federation signed into law, major reforms in data protection and information governance. The reforms include:

  • Significant changes to Federal Law No. 152-FZ on Personal Data, including the scope of its application, new rules for