Michaela Nebel, Author at Connect On Tech

In Data Privacy

Key Takeaways From India’s Digital Personal Data Protection Bill, 2023

On August 9, India’s Digital Personal Data Protection Bill, 2023 (“DPDP Bill”) passed both houses of the Indian Parliament and now awaits Presidential assent. In 2017, India’s Supreme Court mandated that privacy is a fundamental human right. Since that time, India has been working to pass data protection legislation. The DPDP Bill is India’s fifth draft of the bill. The DPDP Bill only applies to the processing of digital personal data in India, where the personal…

In Data Privacy

European Commission adopts “adequacy” decision for the EU-U.S. Data Privacy Framework (“DPF”)

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…

In Data Privacy

US Government Announces Full Implementation of New Privacy Safeguards under Executive Order 14086: The Path is Now Cleared for the European Commission to Adopt the Adequacy Decision for the EU-U.S. Data Privacy Framework

The US Office of the Director of National Intelligence (“ODNI”) announced today that it has fully implemented new safeguards under Executive Order 14086. See INTEL – ODNI Releases IC Procedures Implementing New Safeguards in Executive Order 14086. These steps clear the path for the European Commission to adopt the draft “adequacy decision” for cross-border data transfers pursuant to the EU-U.S. Data Privacy Framework. By way of brief background, in July 2020, the Court of Justice…

In Data Privacy

Data Protection Day – Key developments and trends for 2023

January 26, 2023 by Benjamin Slinn, Vinod Bange, Dr Lukas Feiler, Alissa Forstner, Liz Grimwood-Taylor, Anne-Marie Allgrove, Anne Petterd, Caitlin Whale, Adrian Lawrence, Toby Patten, Guillermo José Cervio, Valentina Salas, Valentina Biondi Grane, Elisabeth Dehareng, Caroline Serbanescu, Flavia Rebello, Theo Ling, Conrad Flaczyk, Nadia Rauf, Carolina Pardo, Magalie Dansac Le Clerc, Yann Padova, Florian Tannen, Dr Michaela Nebel, Prof. Dr. Michael Schmidl, Jiří Čermák, Milena Hoffmanová, Lenka Bešťáková, Francesca Gaudino, Yuki Kondo, Daisuke Tatsuno, Kensaku Takase, Dr. Csaba Vári, Marcia Lee, Benjamin Lau, Daniel Villanueva-Plasencia, Carlos Vela-Trevino, Elvia Aragon, Nathalja Doing, Teresa Tovar, Bienvenido A. Marquez III, Frederick August I. Jose, Radoslaw Nozykowski, Patricia Pérez, Peder Oxhammar, William Höglund, Emelie Ageby Svensson, Margarita Kozlov, Johanna Moesch (Mösch), Nadine Charrière, Muriel Binder, Jo-Fan Yu, Dhiraphol Suwanprateep, Pattaraphan Paiboon, Kritiyanee Buranatrevedhya, Thananya Chaikamonsuk, Can Sozer, Yigit Acar, Ecem Elver, Aybuke Gundel, Kellie Blyth, Maher Ghalloussi, Lucrezia Lorenzini, Alex Toh, Ken Chia, Cristina Messerschmidt, Rachel Ehlers, Cynthia Cole, Brian Hengesbaugh, Stephen Reynolds, Nick Merker, Harry Valetk, Lothar Determann, Jonathan Tam, Helena Engfeldt, Maria Eugenia Salazar-Furiati, Manh Hung Tran and Jacqueline Wong 102 Mins Read

28 January 2023 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2023, Baker McKenzie’s Global Data Privacy and Security Team is pleased to present this special edition update of key data protection and privacy developments and trends across the globe, as well summarising future legislative changes, predictions, and enforcement priorities to look out for during 2023.…

In Data Privacy

European Commission Moves Towards U.S. Adequacy Decision for Data Transfers

On December 13, the European Commission (“EC”) announced a draft decision on the adequacy of the U.S data protection regime to protect the personal data of European Union (“EU”) residents, the EU-U.S. Data Privacy Framework (“DPF”). The DPF, which was initially announced in March 2022 as a political agreement between the EU and the U.S., and then bolstered by President Biden’s Executive Order (“EO”) in October 2022, opens the door for an EU-U.S. data transfer…

In Data Privacy

Critical Steps for Increased Legal Certainty for EU to U.S. Personal Data Flows

In March 2022, U.S. and EU leaders reached an agreement in principle on a new accord to protect data flows entitled the Trans-Atlantic Data Privacy Framework (“EU-U.S. DPF”). Today, the US Government has taken important steps to implement this critical data flow framework, and strengthen legal certainty for EU to US personal data transfers. First, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” (“EO”). The EO enhances privacy…

In Data Privacy

Podcast Episode: Privacy Notice Obligations – Are They Still Important?

May 5, 2022 by Harry Valetk, Dr Michaela Nebel and Francesca Gaudino 1 Min Read

In this episode, Harry Valetk is joined by partners Francesca Gaudino, based in Milan, and Michaela Nebel, based in Frankfurt, as they discuss privacy notice obligations. Listen in to hear about whether or not data privacy notifications are still relevant and other key considerations that may be overlooked including: How often companies and data protection officers should review their noticesEmployee vs. customer privacy noticesOnline vs. offline privacy noticesLanguage requirements and more https://open.spotify.com/episode/0oqo22X8U2xPCznVDqUJtp Want to Learn…

In Data Privacy

Data Protection Day – Key developments and looking ahead to 2022

January 27, 2022 by Benjamin Slinn, Dr Michaela Nebel, Florian Tannen, Prof. Dr. Michael Schmidl, Magalie Dansac Le Clerc, Hugo Roy, Dr Lukas Feiler, Beat Koenig, Elisabeth Dehareng, Francesca Gaudino, Radoslaw Nozykowski, Nathalja Doing, Dr. Csaba Vári, Ilay Yilmaz, Can Sozer, Yigit Acar, Anne-Marie Allgrove, Liz Grimwood-Taylor, Dhiraphol Suwanprateep, Manh Hung Tran, Ken Chia, Alex Toh, Jacqueline Wong, Paolo Sbuttoni, Zhenyu "Jay" Ruan, Kensaku Takase, Daisuke Tatsuno, Kellie Blyth, Arjun Patel, Theo Ling, Conrad Flaczyk, Nadia Rauf, Cristina Messerschmidt, Brian Hengesbaugh, Stephen Reynolds, Nick Merker, Harry Valetk, Michael Egan, Gary Hunt, Dominic Panakal, Alex Crowley, Justin Burgess, Daniel Villanueva-Plasencia, Carlos Vela-Trevino, Flavia Rebello, Suha Alwan and Nadine Bosshard 66 Mins Read

Friday 28 January 2022 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2022, our Global Data Privacy and Security Team have provided a roundup of key trends and developments across the globe from a data protection perspective as well as looking ahead to what to expect in 2022. There are new laws and developments to keep…

In Data Privacy

Consideration for EU Service Providers Supporting EU and Non-EU Customers

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

In Data Privacy

Top-10 Do’s and Don’ts for Service Providers Implementing the New SCCs with EU Customers

June 28, 2021 by Brian Hengesbaugh, Dr Lukas Feiler and Dr Michaela Nebel 7 Mins Read

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the Official Journal. The new SCCs are a mechanism companies can use to address the restriction under Article 44 in the EU General Data Protection Regulation on the cross-border transfer of personal data to third countries. Given the timing requirements in the commission’s decision, the U.S. and other service providers located in…