On November 17, 2022, the UK Information Commissioner’s Office published updated guidance on international transfers that includes a new section on transfer risk assessments and a transfer risk assessment tool.
Continue Reading UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments
Standard Contractual Clauses
EDPB Adopts Guidelines on Codes of Conduct as Tools for Transfers
On February 22, 2022, the European Data Protection Board adopted its final Guidelines 04/2021 on Codes of Conduct as tools for transfers, following a public consultation that took place in 2021.
Continue Reading EDPB Adopts Guidelines on Codes of Conduct as Tools for Transfers
Update: International Data Transfer Agreement and Addendum Replace SCCs
On August 11, 2021, the UK Information Commissioner’s Office launched a consultation on its draft international data transfer agreement and guidance for organizations on international transfers. Once finalized, the agreement will replace the existing EU Standard Contractual Clauses in the UK.
Continue Reading Update: International Data Transfer Agreement and Addendum Replace SCCs
EDPS Issues Decision on EU Parliament’s Cookie Violations
The European Data Protection Supervisor recently issued a decision against the European Parliament in a case that resulted from a complaint submitted by certain Members of the European Parliament who alleged that the Parliament’s use of cookies violated data protection law, including requirements regarding the transfer of personal data outside of the EU. …
Continue Reading EDPS Issues Decision on EU Parliament’s Cookie Violations
The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR
On November 19, 2021, the European Data Protection Board published its draft Guidelines 05/2021 on the interplay between the application of Article 3 of the GDPR, which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers.
Continue Reading The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR
Transition Period for Old Standard Contractual Clauses Ends
On September 27, 2021, the transition period allowing companies to continue using the previous EU Standard Contractual Clauses for transfers from the EU ended. Companies entering into new transfer agreements incorporating SCCs must now use the new SCCs. …
Continue Reading Transition Period for Old Standard Contractual Clauses Ends
DCMS Consults on National Data Strategy
On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport launched a consultation on its proposed reforms to the UK data protection regime to reflect DCMS’s effort to deliver on Mission 2 of the National Data Strategy. The consultation will close on November 19, 2021, and CIPL will consult with members to prepare a formal response to the consultation.
Continue Reading DCMS Consults on National Data Strategy
Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers
The Belgian Council of State recently confirmed a decision of the regional Flemish Authorities to contract with an EU branch of a U.S. company using Amazon Web Services, stating that the use of U.S. cloud services in itself does not infringe on the GDPR.
Continue Reading Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers
Swiss DPA Recognizes the New EU Standard Contractual Clauses
On August 27, 2021, the Federal Data Protection and Information Commissioner announced that the new EU Standard Contractual Clauses may be relied on to legitimize transfers of personal data from Switzerland to countries without an adequate level of data protection, provided that the necessary amendments and adaptations are made for use under Swiss data protection law. …
Continue Reading Swiss DPA Recognizes the New EU Standard Contractual Clauses
European Commission’s New Standard Contractual Clauses: What They Mean for UK Businesses
In an article originally published on Practical Law, Hunton Andrews Kurth partner Bridget Treacy discusses the European Commission’s long-awaited SCCs, including considerations for personal data transfers from the UK. This blog entry provides a link to download the article.
Continue Reading European Commission’s New Standard Contractual Clauses: What They Mean for UK Businesses