Cross-Border Data Flow

On March 25, 2022, European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo issued a joint statement announcing that the negotiations on an enhanced EU-U.S. Privacy Shield framework will intensify. In addition, in a speech given in Brussels, the President of the European Commission, Ursula von der Leyden, and U.S. President Biden indicated that they have found an agreement on data flows between the EU and U.S.
Continue Reading European Commission and United States Announce Agreement in Principle on Trans-Atlantic Data Privacy Framework

On August 11, 2021, the UK Information Commissioner’s Office launched a consultation on its draft international data transfer agreement and guidance for organizations on international transfers. Once finalized, the agreement will replace the existing EU Standard Contractual Clauses in the UK.
Continue Reading Update: International Data Transfer Agreement and Addendum Replace SCCs

The Austrian data protection authority recently published a decision finding that the use of Google Analytics cookies violates both Chapter V of the GDPR, which establishes the rules on international data transfers, and the Schrems II judgment of the Court of Justice of the European Union.
Continue Reading Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements

The European Data Protection Supervisor recently issued a decision against the European Parliament in a case that resulted from a complaint submitted by certain Members of the European Parliament who alleged that the Parliament’s use of cookies violated data protection law, including requirements regarding the transfer of personal data outside of the EU.
Continue Reading EDPS Issues Decision on EU Parliament’s Cookie Violations

On December 21, 2021, the European Commission announced that it had adopted its adequacy decision on the Republic of Korea. The adequacy decision allows for the free flow of personal data between the EU and Korea, without any further need for authorization or additional transfer tool. The adequacy decision also covers transfers of personal data between public authorities.
Continue Reading European Commission Adopts South Korea Adequacy Decision

On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

On October 29, 2021, the Cyberspace Administration of China released for public comment Draft Measures on Security Assessment of Cross-border Data Transfer. The CAC issued the Draft Measures three days before the November 1, 2021 effective date of the Personal Information Protection Law.
Continue Reading China Issues Draft Measures on Security Assessment of Cross-border Data Transfer