On February 14, 2023, in a Draft Motion for a Resolution on the adequacy of the protection afforded by the proposed EU-U.S. Data Privacy Framework, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs urged the European Commission not to adopt the Framework, on the basis that it “fails to create actual equivalence” with the EU in the level of data protection that it provides.
Continue Reading European Parliament Committee Opposes Adequacy Under EU-U.S. Data Privacy Framework in Draft Opinion
Data Transfer
CIPL Publishes Discussion Paper on Digital Assets and Privacy
Posted on
On January 20, 2023, The Centre for Information Policy Leadership at Hunton Andrews Kurth published “Digital Assets and Privacy,” a discussion paper compiling insights from workshops with CIPL member companies that explored the intersection of privacy and digital assets, with a particular focus on blockchain technology. …
Continue Reading CIPL Publishes Discussion Paper on Digital Assets and Privacy
CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
Posted on
On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR). …
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge
Posted on
On December 15, 2022, the UK government and the Dubai International Financial Centre Authority issued a joint statement on the shared commitment to deepening the UK-DIFC data partnership. …
Continue Reading UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge
Speakers Optimistic About New EU-U.S. Data Privacy Framework
Posted on
On December 12, 2022, at the “POLITICO Live” event sponsored by Hunton Andrews Kurth LLP’s Centre for Information Policy Leadership, speakers from both sides of the Atlantic were optimistic that the new EU-U.S. Data Privacy Framework will withstand an anticipated legal challenge.
Continue Reading Speakers Optimistic About New EU-U.S. Data Privacy Framework
UK Finalizes South Korea Adequacy Decision
Posted on
Posted in European Union, International
On November 23, 2022, the UK government’s Department for Digital, Culture, Media & Sport announced that it had completed its assessment of South Korea’s personal data legislation, and concluded that sufficiently strong privacy laws are in place to protect UK personal data transferred to South Korea while upholding the rights and protections of UK citizens.
Continue Reading UK Finalizes South Korea Adequacy Decision
UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments
Posted on
On November 17, 2022, the UK Information Commissioner’s Office published updated guidance on international transfers that includes a new section on transfer risk assessments and a transfer risk assessment tool. …
Continue Reading UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments
President Biden Issues Executive Order on New EU-U.S. Data Transfer Pact
Posted on
On October 7, 2022, President Biden signed Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which provides a new framework for legal data transfers between the European Union and the United States. …
Continue Reading President Biden Issues Executive Order on New EU-U.S. Data Transfer Pact
Government Security Assessment on Cross-Border Transfer in China
Posted on
On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).Continue Reading Government Security Assessment on Cross-Border Transfer in China
China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information
Posted on
Posted in Information Security, International
On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.Continue Reading China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information