Tag

Data Transfer

Browsing

Executive Summary On 20 August 2021, the Standing Committee of the National People’s Congress passed the Personal Information Protection Law of the PRC (“PIPL”), after deliberating two draft versions and seeking for public comment in a ten month’s span. The passage of the PIPL signifies that China is stepping into a more robust and comprehensive personal information protection regime by establishing a unified, generally-applicable legislation, as EU does with the aid of the General Data…

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…

There have been a number of EU and UK developments affecting transfers of personal data. We summarise the key ones below and set out some practical steps to take in light of these developments. Any organisation which transfers personal data to or from the EU27 will need to work out what changes are required to address these new developments. We won’t have full clarity until the European Commission and EDPB finalise their current drafts but…

In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…

The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).

Introduction Recently, the European Commission published its evaluation report on the first two years of the General Data Protection Regulation (GDPR). The Commission focused on, in particular, two themes in its evaluation, being (1) international data transfers and (2) the cooperation and consistency among the European supervisory authorities. As to the latter, the Commission is of the opinion it should definitely be improved. With regard to international data transfer the Commission focuses on the review…

In the context of the Schrems II case (see a summary here), we continue our analysis of alternative vehicles allowing the transfer of personal to third countries outside the European Economic Area. In previous papers, we focused on Binding Corporate Rules (BCR) [link] as alternatives to the Standard Contractual Clauses (SCC) [link]. This time, we will look at the so-called “derogations for specific situations” set forth under Article 49 GDPR as a subsidiary vehicle to…

The concept of data portability has been of increasing interest in APAC countries. This is partly influenced by data portability provisions in the GDPR. However, scoping and implementing data portability rights in practice is proving challenging. Here is a snapshot of differing and developing approaches.In Thailand, the right to data portability has been incorporated into the new Personal Data Protection Act, which will come into effect in May 2020. In India, the right to data…

Following our previous analysis of the consequences of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case, from the data exporter perspective (available here), we now focus on the implications of the same with respect to the position of the data importer. Indeed, in the following paragraphs, we will turn our attention to the content of the Controller to Processor Standard Contractual Clauses (SCC) and, in particular, to some…

At the doorstep of 2020, advocate general Hendrik Saugmandsgaard Øe (a.g.) rendered his opinion in the so called “Schrems II case” and opined on how European Court of Justice should deal with the GDPR’s regime for international data transfers. See here for a summary on the Schrems II case. In a series of blogs, we further elaborate on the consequences of that opinion and the impact it may have on the current international data transfer…