On February 14, 2023, in a Draft Motion for a Resolution on the adequacy of the protection afforded by the proposed EU-U.S. Data Privacy Framework, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs urged the European Commission not to adopt the Framework, on the basis that it “fails to create actual equivalence” with the EU in the level of data protection that it provides.
Continue Reading European Parliament Committee Opposes Adequacy Under EU-U.S. Data Privacy Framework in Draft Opinion

On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR).
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules

On December 12, 2022, at the “POLITICO Live” event sponsored by Hunton Andrews Kurth LLP’s Centre for Information Policy Leadership, speakers from both sides of the Atlantic were optimistic that the new EU-U.S. Data Privacy Framework will withstand an anticipated legal challenge.
Continue Reading Speakers Optimistic About New EU-U.S. Data Privacy Framework

On November 23, 2022, the UK government’s Department for Digital, Culture, Media & Sport announced that it had completed its assessment of South Korea’s personal data legislation, and concluded that sufficiently strong privacy laws are in place to protect UK personal data transferred to South Korea while upholding the rights and protections of UK citizens.
Continue Reading UK Finalizes South Korea Adequacy Decision

On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which provides a new framework for legal data transfers between the European Union and the United States.
Continue Reading President Biden Issues Executive Order on New EU-U.S. Data Transfer Pact

On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).

Continue Reading Government Security Assessment on Cross-Border Transfer in China

On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.

Continue Reading China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information