On December 13, 2022, the European Commission launched the process for the adoption of an adequacy decision for the EU-U.S. Data Privacy Framework.
Continue Reading European Commission to Start Adequacy Decision Adoption Process for the EU-U.S. Data Privacy Framework
Adequacy
EDPB Adopts Statement on the Announcement of an Enhanced EU-U.S. Privacy Shield
On March 7, 2022, the European Data Protection Board released a statement on the announcement of a new Trans-Atlantic Data Privacy Framework.
Continue Reading EDPB Adopts Statement on the Announcement of an Enhanced EU-U.S. Privacy Shield
French CNIL Rules EU-U.S. Data Transfers Through the Use of Analytics Cookie to be Unlawful
On February 10, 2022, the French Data Protection Authority ruled that transfers of personal data from the EU to the U.S. through the use of an analytics cookie to be unlawful.
Continue Reading French CNIL Rules EU-U.S. Data Transfers Through the Use of Analytics Cookie to be Unlawful
Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR
On February 2, 2022, the Litigation Chamber of the Belgian Data Protection Authority imposed a 250,000 Euro fine against the Interactive Advertising Bureau Europe for several alleged infringements of the GDPR, following an investigation into IAB Europe’s Transparency and Consent Framework.
Continue Reading Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR
Update: International Data Transfer Agreement and Addendum Replace SCCs
On August 11, 2021, the UK Information Commissioner’s Office launched a consultation on its draft international data transfer agreement and guidance for organizations on international transfers. Once finalized, the agreement will replace the existing EU Standard Contractual Clauses in the UK.
Continue Reading Update: International Data Transfer Agreement and Addendum Replace SCCs
Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements
The Austrian data protection authority recently published a decision finding that the use of Google Analytics cookies violates both Chapter V of the GDPR, which establishes the rules on international data transfers, and the Schrems II judgment of the Court of Justice of the European Union.
Continue Reading Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements
European Commission Adopts South Korea Adequacy Decision
On December 21, 2021, the European Commission announced that it had adopted its adequacy decision on the Republic of Korea. The adequacy decision allows for the free flow of personal data between the EU and Korea, without any further need for authorization or additional transfer tool. The adequacy decision also covers transfers of personal data between public authorities. …
Continue Reading European Commission Adopts South Korea Adequacy Decision
Data Protection in the UAE – Game Changing Federal UAE Data Law
On November 27, 2021, the UAE Cabinet Office enacted its first federal Personal Data Protection Law (Federal Decree Law No. 45 of 2021, the “UAE Data Protection Law”). The UAE Data Protection Law will come into force on January 2, 2022.
…
Continue Reading Data Protection in the UAE – Game Changing Federal UAE Data Law
DCMS Consults on National Data Strategy
On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport launched a consultation on its proposed reforms to the UK data protection regime to reflect DCMS’s effort to deliver on Mission 2 of the National Data Strategy. The consultation will close on November 19, 2021, and CIPL will consult with members to prepare a formal response to the consultation.
Continue Reading DCMS Consults on National Data Strategy
Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers
The Belgian Council of State recently confirmed a decision of the regional Flemish Authorities to contract with an EU branch of a U.S. company using Amazon Web Services, stating that the use of U.S. cloud services in itself does not infringe on the GDPR.
Continue Reading Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers