Companies that rely on standard contractual clauses (“SCCs”) for transferring personal data from the European Economic Area (“EEA”) to jurisdictions not considered to offer an adequate level of data protection under the EU General Data Protection Regulation must ensure that none of their existing contracts use the old SCCs after 27 December 2022.

Businesses are

On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The

Today, 28 June 2021, the European Commission formally adopted two adequacy decisions with respect of transferring personal data from the European Economic Area (the “EEA”) to the United Kingdom (the “UK”): one under the EU General Data Protection Regulation and one under the EU Law Enforcement Directive. The two decisions come into

Today, 4 June 2021, the European Commission has formally adopted new standard contractual clauses for international personal data transfers from the European Union to third countries (“New EU SCCs”).

The 34-page New EU SCCs, which have been adopted to reflect the introduction of the General Data Protection Regulation (“GDPR”) and the

On 13 April 2021, the European Data Protection Board (“EDPB“) adopted two opinions  (“Opinions“) concerning draft UK adequacy decisions published by the European Commission  which would permit the free flow of personal data from the European Economic Area (“EEA“) to the UK in the post-Brexit world.

The Opinions largely

A decision issued on 15 March 2021 by the Bavarian Data Protection Authority (“BayLDA“, publication pending) is the first German enforcement action in connection with last year’s decision of the Court of Justice of the European Union (“CJEU“, “CJEU’s Decision“) on the validity of the European Commission’s Standard Contractual

On 12 November, the European Commission published draft standard contractual clauses for transfers of personal data from the European Union to third countries (“New SCCs“).

Once approved, the New SCCs will replace the previous standard contractual clauses which pre-date the implementation of the General Data Protection Regulation 2016/679 (“GDPR“). The draft

On 12 November, the European Commission published two sets of documents:

  1. draft of the new standard contractual clauses for transfers of personal data from the European Union to third countries (“New SCCs”); and
  2. draft of standard contractual clauses that can be used by controllers when engaging processors located in the European

On 2 September 2020, the European Data Protection Board (“EDPB”) published new Guidelines 07/2020 (“Guidelines”) for public consultation on the concepts of controller and processor under the European General Data Protection Regulation (“GDPR”). Once finalised, the Guidelines will replace the previous Working Party 29 Opinion 1/2010 (WP169), upon which

On 16 July 2020, the Court of Justice of the European Union (“CJEU“) examined the validity of the European Commission’s Privacy Shield Decision (Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield) as well as the validity of the European Commission’s Decision 2010/87/EC on Standard Contractual Clauses between