On July 16, 2020, the Court of Justice of the European Union issued its landmark judgment in the Schrems II case, concluding that the Standard Contractual Clauses issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.
Continue Reading BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid
Binding Corporate Rules
CIPL: Eight Privacy Priorities for 2020 and Beyond
The proliferation of privacy laws is bound to continue as around the world, new privacy laws are coming into force and outdated laws continue to be updated. What should our privacy priorities be for 2020? …
Continue Reading CIPL: Eight Privacy Priorities for 2020 and Beyond
CNIL Updates FAQs to Prepare for a No-deal Brexit
On September 10, 2019, the French data protection authority updated its existing set of questions and answers (“FAQs”) on the impact of a no-deal Brexit on data transfers from the EU to the UK and discussed how controllers should prepare.
Continue Reading CNIL Updates FAQs to Prepare for a No-deal Brexit
Key Conclusions from Hunton Brussels Seminar on the Update of EU Standard Contractual Clauses for International Data Transfers
On June 12, 2019, Hunton Andrews Kurth and its Centre for Information Policy Leadership (“CIPL”) hosted a roundtable discussion in the firm’s Brussels office on the update of the EU Standard Contractual Clauses for international data transfers (“SCCs”). More than 30 privacy leaders joined together to discuss the challenges of the current SCCs and provide their insights on the updated versions. Hunton partner David Dumont led the discussion, while CIPL President Bojana Bellamy illuminated CIPL’s work in this area. The session also featured Cristina Monti, Policy Officer in the International Data Flows and Protection Unit of the EU Commission DG Justice and Consumers.
…
Continue Reading Key Conclusions from Hunton Brussels Seminar on the Update of EU Standard Contractual Clauses for International Data Transfers
CIPL Issues White Paper on GDPR One Year In: Practitioners Take Stock of the Benefits and Challenges
On May 31, 2019, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP issued a white paper on “GDPR One Year In: Practitioners Take Stock of the Benefits and Challenges.” This blog entry details key points identified in the white paper. …
Continue Reading CIPL Issues White Paper on GDPR One Year In: Practitioners Take Stock of the Benefits and Challenges
EDPB Releases Overview on the Implementation and Enforcement of the GDPR
On February 26, 2019, the European Data Protection Board presented its first overview on the implementation of the GDPR and the roles and means of the national supervisory authorities to the European Parliament. This blog entry provides highlights from the report.
Continue Reading EDPB Releases Overview on the Implementation and Enforcement of the GDPR
CNIL Publishes FAQs to Prepare for a No-Deal Brexit
On February 20, 2019, the French data protection authority published a set of questions and answers to specify the CNIL’s recommendations and steps that organizations should take to prepare for a no-deal Brexit.
Continue Reading CNIL Publishes FAQs to Prepare for a No-Deal Brexit
EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs
At its plenary meeting on February 13, 2019, in Brussels, the European Data Protection Board (“EDPB”) adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit, and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.
…
Continue Reading EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs
Serbia Enacts New Data Protection Law
On November 9, 2018, Serbia’s National Assembly enacted a new data protection law. The Personal Data Protection Law, which becomes effective on August 21, 2019, is modeled after the EU General Data Protection Regulation. …
Continue Reading Serbia Enacts New Data Protection Law
Article 29 Working Party Releases Updated Standard Application Forms for BCRs
On April 11, 2018, the Article 29 Working Party adopted two Recommendations on the Standard Application for Approval of Data Controller or Processor Binding Corporate Rules for the Transfer of Personal Data.
Continue Reading Article 29 Working Party Releases Updated Standard Application Forms for BCRs