Cross-Border Data Flow

On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

On October 29, 2021, the Cyberspace Administration of China released for public comment Draft Measures on Security Assessment of Cross-border Data Transfer. The CAC issued the Draft Measures three days before the November 1, 2021 effective date of the Personal Information Protection Law.
Continue Reading China Issues Draft Measures on Security Assessment of Cross-border Data Transfer

On August 27, 2021, the Federal Data Protection and Information Commissioner announced that the new EU Standard Contractual Clauses may be relied on to legitimize transfers of personal data from Switzerland to countries without an adequate level of data protection, provided that the necessary amendments and adaptations are made for use under Swiss data protection law.
Continue Reading Swiss DPA Recognizes the New EU Standard Contractual Clauses

On August 26, 2021, the UK Department of Culture, Media and Sport made news by publishing a document indicating its intent to begin making adequacy decisions for UK data transfers to foreign jurisdictions and by announcing its preferred candidate for the position of new UK Information Commissioner.
Continue Reading UK DCMS Identifies Priority Jurisdictions for UK Adequacy Recognition and Proposes New UK Information Commissioner

On August 11, 2021, the UK Information Commissioner’s Office launched a consultation on its draft international data transfer agreement and guidance for organizations on international transfers. Once finalized, the agreement will replace the existing EU Standard Contractual Clauses in the UK.
Continue Reading ICO Consultation on International Data Transfer Agreement to Replace SCCs

In an article originally published on Practical Law, Hunton Andrews Kurth partner Bridget Treacy discusses the European Commission’s long-awaited SCCs, including considerations for personal data transfers from the UK. This blog entry provides a link to download the article.
Continue Reading European Commission’s New Standard Contractual Clauses: What They Mean for UK Businesses

On June 28, 2021, the European Commission adopted two adequacy decisions for the United Kingdom, one under the GDPR and another under the Law Enforcement Directive. Their adoption means organizations in the EU can continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the SCCs, to ensure an adequate level of protection.
Continue Reading European Commission Adopts UK Adequacy Decision

On June 21, 2021, the European Data Protection Board published the final version of its recommendations on supplementary measures in the context of international transfer safeguards, such as Standard Contractual Clauses.
Continue Reading EDPB Releases Final Recommendations on Supplementary Measures for International Transfers