Cross-Border Data Flow

On December 12, 2022, at the “POLITICO Live” event sponsored by Hunton Andrews Kurth LLP’s Centre for Information Policy Leadership, speakers from both sides of the Atlantic were optimistic that the new EU-U.S. Data Privacy Framework will withstand an anticipated legal challenge.
Continue Reading Speakers Optimistic About New EU-U.S. Data Privacy Framework

On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).Continue Reading Government Security Assessment on Cross-Border Transfer in China

On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.Continue Reading China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information

On June 10, 2022, CIPL published a white paper entitled “Local Law Assessments and Online Services – Refining the Approach to Beneficial and Privacy-Protective Cross-Border Data Flows A: Case Study from British Columbia.”
Continue Reading CIPL Publishes New White Paper on the Approach of British Columbia, Canada to Cross-Border Data Transfers by Public Sector Bodies

The National Information Security Standardization Technical Committee of China recently issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities. This blog entry provides a summary of the Guidelines.
Continue Reading China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities

On March 25, 2022, European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo issued a joint statement announcing that the negotiations on an enhanced EU-U.S. Privacy Shield framework will intensify. In addition, in a speech given in Brussels, the President of the European Commission, Ursula von der Leyden, and U.S. President Biden indicated that they have found an agreement on data flows between the EU and U.S.
Continue Reading European Commission and United States Announce Agreement in Principle on Trans-Atlantic Data Privacy Framework