On June 30, 2023, the European Data Protection Board published Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR), which were adopted on June 20, 2023.
Continue Reading EDPB Adopts Guidance on Controller Binding Corporate Rules
Binding Corporate Rules
International Data Transfers: Time to Rethink Binding Corporate Rules
This is an excerpt from CIPL President Bojana Bellamy’s recently published piece in the IAPP “Privacy Perspectives” blog. This piece discusses binding corporate rules as important transfer mechanism.
Continue Reading International Data Transfers: Time to Rethink Binding Corporate Rules
CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR). …
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR
On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR
EU-UK Trade Deal: What It Means For Post-Brexit Data Flows
On December 24, 2020, the European Union and the United Kingdom reached an agreement in principle on the historic EU-UK Trade and Cooperation Agreement. For data protection purposes, there is a further transition period of up to six months to enable the European Commission to complete its adequacy assessment of the UK’s data protection laws. For the time being, personal data can continue to be exported from the EU to the UK without implementing additional safeguards.
Continue Reading EU-UK Trade Deal: What It Means For Post-Brexit Data Flows
EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
On November 11, 2020, the European Data Protection Board published its long-awaited recommendations following the Schrems II judgement regarding supplementary measures that may be implemented to ensure the adequate protection of personal data when transferring the data to third countries.
Continue Reading EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
Swiss-U.S. Privacy Shield No Longer Considered Adequate by Swiss DPA
On September 8, 2020, the Swiss Data Protection Authority announced in a position statement that it no longer considers the Swiss-U.S. Privacy Shield adequate for the purposes of transfers of personal data from Switzerland to the United States.
Continue Reading Swiss-U.S. Privacy Shield No Longer Considered Adequate by Swiss DPA
Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
On July 28, 2020, German supervisory authorities issued a statement reiterating the requirement for additional safeguards when organizations rely on Standard Contractual Clauses or Binding Corporate Rules for the transfer of personal data to third countries in the wake of the Court of Justice of the European Union’s invalidation of the Privacy Shield Framework.
Continue Reading Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
EDPB Adopts Information Note on BCRs in Preparation for Brexit
On July 22, 2020, the European Data Protection Board adopted an information note to assist organizations relying on Binding Corporate Rules for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.
Continue Reading EDPB Adopts Information Note on BCRs in Preparation for Brexit
EDPB Publishes FAQs on Implications of the Schrems II Case
On July 24, 2020, the European Data Protection Board published a set of Frequently Asked Questions on the judgment of the Court of Justice of the European Union in the Schrems II case.
Continue Reading EDPB Publishes FAQs on Implications of the Schrems II Case