On 19 July 2023, the European Data Protection Board (EDPB) announced that it had adopted a statement on the European Commission’s first review of the functioning of the adequacy decision for Japan during its 82nd plenary meeting. The context In January 2019 the European Commission adopted an adequacy decision in relation to transfers of personal data from the EU to businesses in Japan. The adequacy decision means that EU standard contractual clauses are not required…
On December 13, the European Commission (“EC”) announced a draft decision on the adequacy of the U.S data protection regime to protect the personal data of European Union (“EU”) residents, the EU-U.S. Data Privacy Framework (“DPF”). The DPF, which was initially announced in March 2022 as a political agreement between the EU and the U.S., and then bolstered by President Biden’s Executive Order (“EO”) in October 2022, opens the door for an EU-U.S. data transfer…
Key changes are updates to the ICO’s existing guidance on international transfers to include a new section on transfer risk assessments, and an accompanying TRA tool.
The United Kingdom has finalized, and laid before Parliament, its International Data Transfer Agreement (“IDTA”). The new IDTA will come into force on 21 March 2022, together with a supplemental document to the new EU Standard Contractual Clauses (“UK Addendum”) and transitional provisions, to address requirements under the UK GDPR and UK Data Protection Act. Both the IDTA, UK Addendum, and transitional provisions will replace use of the previous EU Standard Contractual Clauses (approved by…
Nowadays, data is being considered as the key building block of the global digital economy, and its application plays an essential role in shaping a redefinition of socioeconomic systems. Among other subsectors of data laws, regulations in the realm of cross-border transfer of personal data have drawn considerable attention from both legislators and businesses, and Vietnam is by no means an exception to the rule. In the early of 2021, the Ministry of Public Security…
Executive Summary On 20 August 2021, the Standing Committee of the National People’s Congress passed the Personal Information Protection Law of the PRC (“PIPL”), after deliberating two draft versions and seeking for public comment in a ten month’s span. The passage of the PIPL signifies that China is stepping into a more robust and comprehensive personal information protection regime by establishing a unified, generally-applicable legislation, as EU does with the aid of the General Data…
*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…
There have been a number of EU and UK developments affecting transfers of personal data. We summarise the key ones below and set out some practical steps to take in light of these developments. Any organisation which transfers personal data to or from the EU27 will need to work out what changes are required to address these new developments. We won’t have full clarity until the European Commission and EDPB finalise their current drafts but…
In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…
The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).