On February 28, 2019, Thailand’s National Legislative Assembly finally approved and endorsed the draft Personal Data Protection Act, which will now be submitted for royal endorsement and subsequent publication in the Government Gazette. Publication is anticipated to occur within the next few weeks.
Continue Reading
Adequacy
EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs
Posted on
At its plenary meeting today in Brussels, the European Data Protection Board adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.…
Continue Reading
European Commission Adopts Japan Adequacy Decision
Posted on
Posted in Information Security, International
On January 23, 2019, the European Commission announced that it has adopted its adequacy decision on Japan. According to the announcement, Japan has adopted an equivalent decision and the adequacy arrangement is applicable with immediate effect.…
Continue Reading
Argentina DPA Issues Guidelines on Binding Corporate Rules
Posted on
Posted in Information Security, International
The Agency of Access to Public Information (Agencia de Acceso a la Información Pública) has approved a set of guidelines for Binding Corporate Rules as a mechanism that multinational companies may use to enable the international transfer of personal data to their affiliates located in countries whose protection of personal data has not been deemed adequate by the AAIP.…
Continue Reading
FERC Adopts Supply Chain Risk Management Reliability Standards
Posted on
Posted in Cybersecurity
At its October monthly meeting, the Federal Energy Regulatory Commission adopted new reliability standards addressing cybersecurity risks associated with the global supply chain for Bulk Electric System Cyber Systems. The new standards expand the scope of the mandatory and enforceable cybersecurity standards applicable to the electric utility sector.…
Continue Reading
EU Begins Formal Approval for Japan Adequacy Decision
Posted on
On September 5, 2018, the European Commission announced in a press release the launch of the procedure to formally adopt the Commission’s adequacy decision with respect to Japan.…
Continue Reading
Supreme Court of Ireland to Review Facebook Privacy Case
Posted on
On July 31, 2018, the Supreme Court of Ireland granted Facebook, Inc.’s leave to appeal a lower court’s ruling sending a privacy case to the Court of Justice of the European Union. In granting Facebook leave to appeal, the Supreme Court noted that “[i]t is in the interest of justice” that the Court hear its arguments. The hearing will take place within the next five months. …
Continue Reading
EU and Japan Agree on Reciprocal Adequacy
Posted on
On July 17, 2018, the European Union and Japan successfully concluded negotiations on a reciprocal finding of an adequate level of data protection, thereby agreeing to recognize each other’s data protection systems as “equivalent.” This will allow personal data to flow safely between the EU and Japan, without being subject to any further safeguards or authorizations. …
Continue Reading
EDPB Published Guidelines on Certification and Derogations under the GDPR
Posted on
Posted in European Union, International
On May 30, 2018, the European Data Protection Board published the final version of guidelines on derogations in the context of international data transfers and draft guidelines on certification under the EU General Data Protection Regulation. …
Continue Reading
UK Court of Appeal Rules DRIPA Inconsistent with EU Law
Posted on
On January 30, 2018, the UK Court of Appeal ruled that the Data Retention and Investigatory Powers Act was inconsistent with EU law.…
Continue Reading