The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users
Adequacy Decisions
New guidance issued by the EDPB on international transfers of personal data
On 18 November 2021, the European Data Protection Board (“EDPB”) adopted new guidelines which:
- Set out a three part criteria for identifying whether an action will be considered an international transfer of personal data; and
- Clarify that restrictions on international data transfers do apply to transfers to entities located in a third country, but which
…
The Free Flow of Personal Data From the European Economic Area to the United Kingdom Can Continue (at Least for Now)
Today, 28 June 2021, the European Commission formally adopted two adequacy decisions with respect of transferring personal data from the European Economic Area (the “EEA”) to the United Kingdom (the “UK”): one under the EU General Data Protection Regulation and one under the EU Law Enforcement Directive. The two decisions come into…
European Data Protection Board issues opinions on European Commission’s draft UK adequacy decisions
On 13 April 2021, the European Data Protection Board (“EDPB“) adopted two opinions (“Opinions“) concerning draft UK adequacy decisions published by the European Commission which would permit the free flow of personal data from the European Economic Area (“EEA“) to the UK in the post-Brexit world.
The Opinions largely…
Electronic Discovery & Information Governance – Tip of the Month: GDPR and US Companies: What You Need to Know
Scenario
A US company is conducting a global internal investigation. To carry it out, the company plans to transfer documents and emails held by its French subsidiary to the company’s US servers for review and analysis. Aware that Europe has stringent data privacy rules, the US in-house counsel is looking for specific guidance on whether…
New requirements for transferring personal data from Europe: a detailed analysis of the new draft Standard Contractual Clauses published by the European Commission
On 12 November, the European Commission published draft standard contractual clauses for transfers of personal data from the European Union to third countries (“New SCCs“).
Once approved, the New SCCs will replace the previous standard contractual clauses which pre-date the implementation of the General Data Protection Regulation 2016/679 (“GDPR“). The draft…
European Data Protection Board Publishes Recommendations on the Supplementary Measures to be Taken for International Personal Data Transfers From Europe
On 11 November 2020, the European Data Protection Board (the “EDPB”) published for public consultation new Recommendations 01/2020 on the measures to be taken to supplement the personal data transfer tools organisations currently rely upon to ensure compliance with EU data protection laws when transferring personal data from Europe (the “Recommendations”).
The Recommendations…
SEC’s OCIE Publishes Observations on Cybersecurity and Resiliency Practices
On January 27, 2020, the US Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a 13-page report of observations from its examinations of market participants’ cybersecurity and operational resiliency practices.1 This Legal Update discusses the content and context of the report and its implications for entities subject to examination by
EU-US Privacy Shield Undergoes Second Review by EU Commission and (Re)Passes the Test—For Certifying Companies, Santa Has Come to Town
On December 19, the EU Commission (“Commission”) published its report to the European Parliament and the Council on the second review of the functioning of the EU-US Privacy Shield (the “Report”).
To the relief of the 3,850 US companies who have certified to the Privacy Shield, and those entities transferring personal data to them, the…
GDPR: European Data Protection Board Adopts Final Guidelines on Derogations Under Art. 49 and Draft Guidelines on Certification Under Art. 42
The European Data Protection Board (“EDPB”) held its first plenary meeting on May 25, 2018, the same day the EU General Data Protection Regulation (“GDPR”) came into force.
The EDPB replaces the Article 29 Working Party, which was an advisory body made up of the various data protection authorities under the prior European Union (“EU”)…