Tag

Data Transfer

Browsing

The United Kingdom has finalized, and laid before Parliament, its International Data Transfer Agreement (“IDTA”). The new IDTA will come into force on 21 March 2022, together with a supplemental document to the new EU Standard Contractual Clauses (“UK Addendum”) and transitional provisions, to address requirements under the UK GDPR and UK Data Protection Act. Both the IDTA, UK Addendum, and transitional provisions will replace use of the previous EU Standard Contractual Clauses (approved by…

Nowadays, data is being considered as the key building block of the global digital economy, and its application plays an essential role in shaping a redefinition of socioeconomic systems. Among other subsectors of data laws, regulations in the realm of cross-border transfer of personal data have drawn considerable attention from both legislators and businesses, and Vietnam is by no means an exception to the rule. In the early of 2021, the Ministry of Public Security…

Executive Summary On 20 August 2021, the Standing Committee of the National People’s Congress passed the Personal Information Protection Law of the PRC (“PIPL”), after deliberating two draft versions and seeking for public comment in a ten month’s span. The passage of the PIPL signifies that China is stepping into a more robust and comprehensive personal information protection regime by establishing a unified, generally-applicable legislation, as EU does with the aid of the General Data…

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…

There have been a number of EU and UK developments affecting transfers of personal data. We summarise the key ones below and set out some practical steps to take in light of these developments. Any organisation which transfers personal data to or from the EU27 will need to work out what changes are required to address these new developments. We won’t have full clarity until the European Commission and EDPB finalise their current drafts but…

In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…

The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).

Introduction Recently, the European Commission published its evaluation report on the first two years of the General Data Protection Regulation (GDPR). The Commission focused on, in particular, two themes in its evaluation, being (1) international data transfers and (2) the cooperation and consistency among the European supervisory authorities. As to the latter, the Commission is of the opinion it should definitely be improved. With regard to international data transfer the Commission focuses on the review…

In the context of the Schrems II case (see a summary here), we continue our analysis of alternative vehicles allowing the transfer of personal to third countries outside the European Economic Area. In previous papers, we focused on Binding Corporate Rules (BCR) [link] as alternatives to the Standard Contractual Clauses (SCC) [link]. This time, we will look at the so-called “derogations for specific situations” set forth under Article 49 GDPR as a subsidiary vehicle to…

The concept of data portability has been of increasing interest in APAC countries. This is partly influenced by data portability provisions in the GDPR. However, scoping and implementing data portability rights in practice is proving challenging. Here is a snapshot of differing and developing approaches.In Thailand, the right to data portability has been incorporated into the new Personal Data Protection Act, which will come into effect in May 2020. In India, the right to data…