Cristina Messerschmidt, Author at Connect On Tech

In Cybersecurity

SEC Adopts Final Cybersecurity Rules

In brief On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) approved the final rules for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (“Final Rules”). As previously reported, the SEC first proposed amendments to its rules on disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies on March 9, 2022 (“Proposed Rules”). Similar to the Proposed Rules, the Final Rules, broadly speaking, require (i) issuers to make disclosures…

In Data Privacy & Security

European Commission adopts “adequacy” decision for the EU-U.S. Data Privacy Framework (“DPF”)

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…

In California Privacy Law

State Consumer Privacy Laws Trending in 2023: Montana and Tennessee Join the Fold

May 3, 2023 by Cynthia Cole, Helena Engfeldt, Jonathan Tam, Brian Hengesbaugh, Rachel Ehlers, Lothar Determann, Cristina Messerschmidt and Harry Valetk 13 Mins Read

After a slowdown in 2022–US states are back at the drawing board of consumer privacy laws with four passing in the last month alone. Here, we break down what you need to know about the Montana and Tennessee bills. In brief The early months of 2023 have brought a bumper crop of new state privacy legislation, with Tennessee and Montana legislatures poised to become the eighth and ninth states to enact comprehensive privacy laws. The…

In Data Privacy & Security

EDPB Begins 2023 Coordinated Enforcement Action Focused on Data Protection Officers

April 6, 2023 by Brian Hengesbaugh, Cristina Messerschmidt, Alex Crowley, Francesca Gaudino and Vinod Bange 5 Mins Read

In brief The European Data Protection Board (EDPB) has begun the 2023 iteration of its annual coordinated enforcement action under the General Data Protection Regulation (GDPR). In coordination with twenty-six EDPB Supervisory Authorities (SAs), the EDPB will analyze the roles, tasks, resources, and positions of Data Protection Officers (DPOs) in public and private sector organizations. DPOs should expect to receive requests soon from Supervisory Authorities to respond to questionnaires intended to aid that analysis, describing…

In Data Privacy & Security

China proposes significant reorganization of data protection regulatory structure

March 13, 2023 by Brian Hengesbaugh, Cristina Messerschmidt, Rachel Ehlers and Zhenyu "Jay" Ruan 2 Mins Read

In Brief On March 7, 2023, China’s State Council unveiled plans to consolidate the country’s data protection functions into a single National Data Bureau to address the inconsistencies around the administration of China’s data and security laws. Background The privacy and security legal landscape in China has quickly evolved in recent years. The Cybersecurity Law (CSL) was adopted in 2017, and modified in 2022. The Personal Information Protection Law (PIPL) and the Data Security Law…

In Data Privacy & Security

European Data Protection Board Raises Concerns on Proposed Data Transfer Framework

March 7, 2023 by Brian Hengesbaugh, Rachel Ehlers, Cristina Messerschmidt, Harry Valetk and Marcela Pertusi 3 Mins Read

In brief On February 28, 2023, the European Data Protection Board (“EDPB”) published its non-binding opinion on the European Commission’s draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). As we have previously written, the DPF is intended to re-establish one of the legal mechanisms for transfers of personal data from the European Union (“EU”) to the U.S. The DPF replaces the EU-U.S. Privacy Shield (“Privacy Shield”), which the EU Court of Justice (“CJEU”)…

In Data Privacy & Security

China Issues Standard Contractual Clauses, effective June 1

March 2, 2023 by Zhenyu "Jay" Ruan, Brian Hengesbaugh, Rachel Ehlers, Cristina Messerschmidt, Brittney Justice, Xi Chen, Michael Wang and Avi Toltzis 5 Mins Read

In Brief On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Standard Contractual Clauses (SCCs) and SCC Measures for the cross-border transfer of personal data under the Personal Information Protection Law (PIPL). The SCCs provide a mechanism for businesses to transfer personal information from mainland China to other jurisdictions. China’s SCCs closely mirror the EU’s SCCs, which were updated in 2021, but feature several important distinctions described in…

In Data Privacy & Security

Data Protection Day – Key developments and trends for 2023

January 26, 2023 by Benjamin Slinn, Vinod Bange, Dr Lukas Feiler, Alissa Forstner, Liz Grimwood-Taylor, Anne-Marie Allgrove, Anne Petterd, Caitlin Whale, Adrian Lawrence, Toby Patten, Guillermo José Cervio, Valentina Salas, Valentina Biondi Grane, Elisabeth Dehareng, Caroline Serbanescu, Flavia Rebello, Theo Ling, Conrad Flaczyk, Nadia Rauf, Carolina Pardo, Magalie Dansac Le Clerc, Yann Padova, Florian Tannen, Dr Michaela Nebel, Prof. Dr. Michael Schmidl, Jiří Čermák, Milena Hoffmanová, Lenka Bešťáková, Francesca Gaudino, Yuki Kondo, Daisuke Tatsuno, Kensaku Takase, Dr. Csaba Vári, Marcia Lee, Benjamin Lau, Daniel Villanueva-Plasencia, Carlos Vela-Trevino, Elvia Aragon, Nathalja Doing, Teresa Tovar, Bienvenido A. Marquez III, Frederick August I. Jose, Radoslaw Nozykowski, Patricia Pérez, Peder Oxhammar, William Höglund, Emelie Ageby Svensson, Margarita Kozlov, Johanna Moesch (Mösch), Nadine Charrière, Muriel Binder, Jo-Fan Yu, Dhiraphol Suwanprateep, Pattaraphan Paiboon, Kritiyanee Buranatrevedhya, Thananya Chaikamonsuk, Can Sozer, Yigit Acar, Ecem Elver, Aybuke Gundel, Kellie Blyth, Maher Ghalloussi, Lucrezia Lorenzini, Alex Toh, Ken Chia, Cristina Messerschmidt, Rachel Ehlers, Cynthia Cole, Brian Hengesbaugh, Stephen Reynolds, Nick Merker, Harry Valetk, Lothar Determann, Jonathan Tam, Helena Engfeldt, Maria Eugenia Salazar-Furiati, Manh Hung Tran and Jacqueline Wong 102 Mins Read

28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2023, Baker McKenzie’s Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…

In Data Privacy & Security

European Commission Moves Towards U.S. Adequacy Decision for Data Transfers

On December 13, the European Commission (“EC”) announced a draft decision on the adequacy of the U.S data protection regime to protect the personal data of European Union (“EU”) residents, the EU-U.S. Data Privacy Framework (“DPF”). The DPF, which was initially announced in March 2022 as a political agreement between the EU and the U.S., and then bolstered by President Biden’s Executive Order (“EO”) in October 2022, opens the door for an EU-U.S. data transfer…

In California Privacy Law

California Privacy Agency Releases Modified Proposed Regulations

October 21, 2022 by Brian Hengesbaugh, Cynthia Cole, Rachel Ehlers, Cristina Messerschmidt and Harry Valetk 6 Mins Read

This week, the California Privacy Protection Agency (“CPPA”) released modified proposed regulations (“Modified Regulations”) for compliance with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), and an explanation of the proposed changes, ahead of its upcoming Board Meetings. It is expected that the CPPA will discuss, and possibly adopt or modify further, the Modified Regulations during the CPPA Board Meetings which are scheduled for October 21-22 and October 28-29, 2022.…