On 8 March the UK Government published a new Data Protection and Digital Information Bill (No. 2) (“New Bill”). This is a different Bill from the one that was introduced into Parliament last summer, the Data Protection and Digital Information Bill (“Original Bill”). Although the New Bill has been introduced separately into Parliament, the proposals in the New Bill are substantially the same as the Original Bill. Therefore, the proposals for UK data protection reform…
28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2023, Baker McKenzie’s Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…
In this episode, Brian Hengesbaugh, Global Chair of Privacy & Security, is joined by Ben Slinn, senior associate in London, as they discuss data privacy predictions across the globe for the year ahead. Listen in to hear about: The data protection regime in the UK post Brexit and what lies ahead Trends and issues that we are seeing from an EU perspective Key developments and significant changes on the horizon outside of the EU For…
The UK data protection framework is set to change. These changes will be relevant for organisations in the UK as well as organisations outside of the UK that offer goods or services to data subjects in the UK or monitor their behaviour. From a practical perspective many of the proposed changes are focused on reducing certain obligations, particularly record keeping obligations such as records of processing or data protection impact assessments. However, it is important…
The United Kingdom has finalized, and laid before Parliament, its International Data Transfer Agreement (“IDTA”). The new IDTA will come into force on 21 March 2022, together with a supplemental document to the new EU Standard Contractual Clauses (“UK Addendum”) and transitional provisions, to address requirements under the UK GDPR and UK Data Protection Act. Both the IDTA, UK Addendum, and transitional provisions will replace use of the previous EU Standard Contractual Clauses (approved by…
Friday 28 January 2022 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2022, our Global Data Privacy and Security Team have provided a roundup of key trends and developments across the globe from a data protection perspective as well as looking ahead to what to expect in 2022. There are new laws and developments to keep…
In this Connect on Tech episode, Brian Hengesbaugh is joined by Ben Slinn to discuss the increased focus on and heightened protection around children’s data in the UK. Ben, a leading privacy attorney in our London office, reviews the new UK Age Appropriate Designs Code, intended to address key areas affecting data of children under the age of 18 with respect to online services. The Code, which companies are required to comply with from September 2, 2021, includes 15…
The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…
The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…
On May 31, 2021, Max Schrems’ privacy organization, noyb (or “none of your business”), made over 500 complaints to companies related to what the organization called their “unlawful cookie banners.” Using automated scanning programs, nyob searched commonly used European websites and analyzed the cookie options provided on certain of these websites. nyob claims that it identified “more than fifteen common abuses” of cookie consent management, with some of the most prevalent “violations” identified as follows:…