On February 28, 2019, Thailand’s National Legislative Assembly finally approved and endorsed the draft Personal Data Protection Act, which will now be submitted for royal endorsement and subsequent publication in the Government Gazette. Publication is anticipated to occur within the next few weeks.
Continue Reading Thailand’s National Legislative Assembly Passes Data Protection Law

At its plenary meeting today in Brussels, the European Data Protection Board adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.
Continue Reading EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs

The Agency of Access to Public Information (Agencia de Acceso a la Información Pública) has approved a set of guidelines for Binding Corporate Rules as a mechanism that multinational companies may use to enable the international transfer of personal data to their affiliates located in countries whose protection of personal data has not been deemed adequate by the AAIP.
Continue Reading Argentina DPA Issues Guidelines on Binding Corporate Rules

At its October monthly meeting, the Federal Energy Regulatory Commission adopted new reliability standards addressing cybersecurity risks associated with the global supply chain for Bulk Electric System Cyber Systems. The new standards expand the scope of the mandatory and enforceable cybersecurity standards applicable to the electric utility sector.
Continue Reading FERC Adopts Supply Chain Risk Management Reliability Standards

On July 31, 2018, the Supreme Court of Ireland granted Facebook, Inc.’s leave to appeal a lower court’s ruling sending a privacy case to the Court of Justice of the European Union. In granting Facebook leave to appeal, the Supreme Court noted that “[i]t is in the interest of justice” that the Court hear its arguments. The hearing will take place within the next five months.
Continue Reading Supreme Court of Ireland to Review Facebook Privacy Case

On July 17, 2018, the European Union and Japan successfully concluded negotiations on a reciprocal finding of an adequate level of data protection, thereby agreeing to recognize each other’s data protection systems as “equivalent.” This will allow personal data to flow safely between the EU and Japan, without being subject to any further safeguards or authorizations.
Continue Reading EU and Japan Agree on Reciprocal Adequacy