On November 12, 2020, somewhat in the shadow of the new standard contractual clauses for data transfers to recipients outside the European Economic Area, the European Commission also adopted draft standard contractual clauses to be used between controllers and processors in the EEA.
Continue Reading European Commission Releases Draft Standard Contractual Clauses for Article 28 Data Processing Agreements
Standard Contractual Clauses
European Commission Publishes Draft of New Standard Contractual Clauses
Posted on
Posted in European Union, International
On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, along with its draft set of new standard contractual clauses. This blog entry provides key takeaways on the draft decision.
Continue Reading European Commission Publishes Draft of New Standard Contractual Clauses
EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
Posted on
Posted in European Union, International
On November 11, 2020, the European Data Protection Board published its long-awaited recommendations following the Schrems II judgement regarding supplementary measures that may be implemented to ensure the adequate protection of personal data when transferring the data to third countries.
Continue Reading EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision
Swiss-U.S. Privacy Shield No Longer Considered Adequate by Swiss DPA
Posted on
Posted in Information Security, International
On September 8, 2020, the Swiss Data Protection Authority announced in a position statement that it no longer considers the Swiss-U.S. Privacy Shield adequate for the purposes of transfers of personal data from Switzerland to the United States.
Continue Reading Swiss-U.S. Privacy Shield No Longer Considered Adequate by Swiss DPA
EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision
Posted on
Posted in European Union, International
On September 4, 2020, the European Data Protection Board announced that it established two taskforces following the judgment of the CJEU in the Schrems II case. …
Continue Reading EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision
European Parliament Meeting on Future of EU-U.S. Data Flows
Posted on
On September 3, 2020, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament held a meeting to discuss the future of EU-U.S. data flows following the Schrems II judgment of the Court of Justice of the European Union.
Continue Reading European Parliament Meeting on Future of EU-U.S. Data Flows
German DPA Issues Guidance on Data Transfers Following Schrems II
Posted on
Posted in European Union, International
On August 24, 2020, the Data Protection Authority of the German federal state of Baden-Württemberg issued guidance on international data transfers following the judgment of the Court of Justice of the European Union in the Schrems II case.
Continue Reading German DPA Issues Guidance on Data Transfers Following Schrems II
Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
Posted on
Posted in European Union, International
On July 28, 2020, German supervisory authorities issued a statement reiterating the requirement for additional safeguards when organizations rely on Standard Contractual Clauses or Binding Corporate Rules for the transfer of personal data to third countries in the wake of the Court of Justice of the European Union’s invalidation of the Privacy Shield Framework.
Continue Reading Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
EDPB Publishes FAQs on Implications of the Schrems II Case
Posted on
Posted in European Union, International
On July 24, 2020, the European Data Protection Board published a set of Frequently Asked Questions on the judgment of the Court of Justice of the European Union in the Schrems II case.
Continue Reading EDPB Publishes FAQs on Implications of the Schrems II Case
BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid
Posted on
On July 16, 2020, the Court of Justice of the European Union issued its landmark judgment in the Schrems II case, concluding that the Standard Contractual Clauses issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.
Continue Reading BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid