On February 28, 2023, the European Data Protection Board (“EDPB”) issued its opinion on the draft adequacy decision of the European Commission (the “Commission”) on the new EU-US Data Privacy Framework (“DPF”). The EDPB expressed reservations in connection with the DPF, which will now undergo scrutiny by other European institutions.
Who Should Read This Legal
On 13 December 2022, the European Commission published its draft adequacy decision for EU-U.S. data transfers. The draft decision follows the EU-U.S. announcement of an agreement on a new EU-U.S. Data Privacy Framework (“DPF”) in March 2022 as well as the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (“Executive Order”) signed
Companies that rely on standard contractual clauses (“SCCs”) for transferring personal data from the European Economic Area (“EEA”) to jurisdictions not considered to offer an adequate level of data protection under the EU General Data Protection Regulation must ensure that none of their existing contracts use the old SCCs after 27 December 2022.
Businesses are
Ransomware attacks continue to surge from the levels seen just a few years ago and the threat such attacks present against companies and organisations remains very real – not least because the sums involved also continue to surge. According to a recent report by software company Acronis1, global ransomware damages are predicted to
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic
The European Council and European Parliament recently reached a provisional agreement on the text for the EU’s proposed Directive on minimum cybersecurity standards to be implemented across the EU (NIS2). The text is expected to be formally adopted in the coming months. NIS2 seeks to replace and strengthen the EU’s current Network and Information Society
On 25 May 2022, the European Commission published Questions and Answers for the New Standard Contractual Clauses to provide practical guidance on the use of standard contractual clauses (SCCs) and help organisations with their General Data Protection Regulation (GDPR) compliance efforts. The Commission confirmed that the Q&A document will be regularly updated.
On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The
The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users
On 18 November 2021, the European Data Protection Board (“EDPB”) adopted new guidelines which: