On July 8, 2021, Colorado Governor Jared Polis signed SB21-190, the Colorado Privacy Act, into law, making Colorado the third state to have a comprehensive data privacy law on the books, following California and Virginia. This blog entry provides a summary of the Act.
Continue Reading Colorado Privacy Act Signed Into Law
Data Processor
EDPB Releases Final Recommendations on Supplementary Measures for International Transfers
Posted on
On June 21, 2021, the European Data Protection Board published the final version of its recommendations on supplementary measures in the context of international transfer safeguards, such as Standard Contractual Clauses.…
Continue Reading EDPB Releases Final Recommendations on Supplementary Measures for International Transfers
China Issues Data Security Law
Posted on
After two rounds of public comments, the Data Security Law of the People’s Republic of China was formally issued on June 10, 2021, and will become effective on September 1, 2021. This blog entry provides highlights of the new law.…
Continue Reading China Issues Data Security Law
CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop
Posted on
Posted in European Union, International
On June 15, 2021, the Court of Justice of the European Union released its judgment in case C-645/19 of Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA v. the Belgian Data Protection Authority. We provide highlights of the case in this blog entry.…
Continue Reading CJEU Issues Ruling on Jurisdictional Aspects of the GDPR’s One-Stop-Shop
European Commission Publishes Final Version of Updated Standard Contractual Clauses
Posted on
Posted in European Union, International
On June 4, 2021, the European Commission published the final version of the implementing decision on standard contractual clauses for transfers of personal data to third countries under the EU General Data Protection Regulation, as well as the final version of the new standard contractual clauses.…
Continue Reading European Commission Publishes Final Version of Updated Standard Contractual Clauses
Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Posted on
On May 20, 2021, the Belgian Data Protection Authority announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers, the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation.…
Continue Reading Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs
Posted on
On May 2, 2021, the Norwegian data protection authority, Datatilsynet, notified a U.S. company of its intention to issue a fine of 25 million Norwegian Krone (approximately 2.5 million Euros). The preliminary fine was issued for failure to comply with the General Data Protection Regulation’s accountability, lawfulness and transparency requirements, primarily due to the company’s tracking of website visitors.…
Continue Reading Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs
China Issues Second Version of the Draft Personal Information Protection Law for Public Comments
Posted on
On April 29, 2021, China issued a second version of the draft Personal Information Protection Law. The draft will be open for public comments until May 28, 2021. …
Continue Reading China Issues Second Version of the Draft Personal Information Protection Law for Public Comments
China Issues the Second Version of the Draft of Data Security Law for Public Comments
Posted on
On April 29, 2021, China issued a second draft version of the Data Security Law (“Draft DSL”). The Draft DSL will be open for public comments until May 28, 2021.
While the framework of this version of the Draft DSL is the same as the prior version issued on July 3, 2020, below we summarize the material changes in the second version of the Draft DSL.…
Continue Reading China Issues the Second Version of the Draft of Data Security Law for Public Comments
Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures
Posted on
On March 15, 2021, the state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine in Bavaria impermissible due to lack of compliance with Schrems II mitigation steps for the transfer of e-mail addresses to the U.S.…
Continue Reading Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures