Adequacy Decisions

Subscribe to Adequacy Decisions

The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users

On 18 November 2021, the European Data Protection Board (“EDPB”) adopted new guidelines which:

  1. Set out a three part criteria for identifying whether an action will be considered an international transfer of personal data; and
  2. Clarify that restrictions on international data transfers do apply to transfers to entities located in a third country, but which

Today, 28 June 2021, the European Commission formally adopted two adequacy decisions with respect of transferring personal data from the European Economic Area (the “EEA”) to the United Kingdom (the “UK”): one under the EU General Data Protection Regulation and one under the EU Law Enforcement Directive. The two decisions come into

On 13 April 2021, the European Data Protection Board (“EDPB“) adopted two opinions  (“Opinions“) concerning draft UK adequacy decisions published by the European Commission  which would permit the free flow of personal data from the European Economic Area (“EEA“) to the UK in the post-Brexit world.

The Opinions largely

Scenario

A US company is conducting a global internal investigation. To carry it out, the company plans to transfer documents and emails held by its French subsidiary to the company’s US servers for review and analysis. Aware that Europe has stringent data privacy rules, the US in-house counsel is looking for specific guidance on whether

On 12 November, the European Commission published draft standard contractual clauses for transfers of personal data from the European Union to third countries (“New SCCs“).

Once approved, the New SCCs will replace the previous standard contractual clauses which pre-date the implementation of the General Data Protection Regulation 2016/679 (“GDPR“). The draft

On 11 November 2020, the European Data Protection Board (the “EDPB”) published for public consultation new Recommendations 01/2020 on the measures to be taken to supplement the personal data transfer tools organisations currently rely upon to ensure compliance with EU data protection laws when transferring personal data from Europe (the “Recommendations”).

The Recommendations

On January 27, 2020, the US Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a 13-page report of observations from its examinations of market participants’ cybersecurity and operational resiliency practices.1 This Legal Update discusses the content and context of the report and its implications for entities subject to examination by

On December 19, the EU Commission (“Commission”) published its report to the European Parliament and the Council on the second review of the functioning of the EU-US Privacy Shield (the “Report”).

To the relief of the 3,850 US companies who have certified to the Privacy Shield, and those entities transferring personal data to them, the

The European Data Protection Board (“EDPB”) held its first plenary meeting on May 25, 2018, the same day the EU General Data Protection Regulation (“GDPR”) came into force.

The EDPB replaces the Article 29 Working Party, which was an advisory body made up of the various data protection authorities under the prior European Union (“EU”)