Cross-Border Data Flow

On January 26, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for input from the UK’s Digital Regulation Cooperation Forum on its workplan for 2023 – 2024.
Continue Reading CIPL Responds to UK Digital Regulation Cooperation Forum (DRCF) Workplan 2023 to 2024 Call for Input

On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR).
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules

On December 12, 2022, at the “POLITICO Live” event sponsored by Hunton Andrews Kurth LLP’s Centre for Information Policy Leadership, speakers from both sides of the Atlantic were optimistic that the new EU-U.S. Data Privacy Framework will withstand an anticipated legal challenge.
Continue Reading Speakers Optimistic About New EU-U.S. Data Privacy Framework

On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).

Continue Reading Government Security Assessment on Cross-Border Transfer in China

On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.

Continue Reading China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information

On June 10, 2022, CIPL published a white paper entitled “Local Law Assessments and Online Services – Refining the Approach to Beneficial and Privacy-Protective Cross-Border Data Flows A: Case Study from British Columbia.”
Continue Reading CIPL Publishes New White Paper on the Approach of British Columbia, Canada to Cross-Border Data Transfers by Public Sector Bodies

The National Information Security Standardization Technical Committee of China recently issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities. This blog entry provides a summary of the Guidelines.
Continue Reading China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities