Companies that rely on standard contractual clauses for transferring personal data from the United Kingdom to jurisdictions not considered to offer an adequate level of data protection under the UK General Data Protection Regulation can no longer use the old EU standard contractual clauses in new contracts as of today, Wednesday 21 September 2022.

The UK Government has published its response to the consultation on its proposed reform of the UK’s data protection regime (which we have provided further information on in our previous legal update available here.) Whilst the UK Government has proposed several incremental reforms to the UK’s data protection laws that will diverge from the

On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The

In August 2021, the ICO launched a consultation on replacing the use of the old EU based standard contractual clauses for international transfers of personal data outside of the UK (“Old SCCs“) with new transfer tools to reflect the post-Brexit environment. Following the end of that consultation, the Department for Culture, Media and

On 10 September 2021, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) launched a consultation outlining its proposals to extensively reform the UK’s data protection and privacy regime, following its departure from the European Union (“EU”).

The new data protection rules proposed for the UK would see the country deviate

On 20 August 2021, China’s much anticipated Personal Information Protection Law (PIPL) was passed. The new law will come into force on 1 November 2021. The PIPL, Cybersecurity Law and the new Data Security Law (which came into force on 1 September 2021) now form the main legal framework governing data security and the handling

Today, 28 June 2021, the European Commission formally adopted two adequacy decisions with respect of transferring personal data from the European Economic Area (the “EEA”) to the United Kingdom (the “UK”): one under the EU General Data Protection Regulation and one under the EU Law Enforcement Directive. The two decisions come into

Today, 21 June 2021, the European Data Protection Board (the “EDPB”) has published its final Recommendations 01/2020 on supplementary measures to ensure compliance with data protection laws when transferring personal data from Europe (the “Recommendations”).

The adoption of these Recommendations is the latest in a series of developments which demonstrate that it is