Data Protection Authority

On 18 November 2021, the European Data Protection Board (“EDPB”) adopted new guidelines which:

  1. Set out three-part criteria for identifying whether an action will be considered an international transfer of personal data; and
  2. Clarify that restrictions on international data transfers do apply to transfers to entities located in a third country, but which

The Information Commissioner’s Office (ICO) have issued their response to the UK Government’s Consultation proposing reforms to the UK’s Data Protection regime. While the ICO maintains that it supports the UK Government’s review of the country’s data protection rules and the purpose behind that review, it raises many concerns about the proposals put forward by

In this National Cybersecurity Awareness Month conversation, Mayer Brown lawyers from our global practice will discuss the latest legal trends and developments relating to cybersecurity in China, Europe and the UK. Topics will include:

  • The implications for international businesses seeking to comply with China’s new Data Security Law and Personal Information Protection Law in combination

On October 4, 2021, the Brazilian Data Protection Authority (ANPD) published a guide and a checklist on information security measures for small data processing agents. The guide covers measures such as contract management, information security policy and access controls. Such measures are necessary for the fulfillment of the security principle in the Brazilian General Law

On September 18, 2021, most articles of the Brazilian General Data Protection Law (LGPD) will have been effective for one year. During this period, several lawsuits have been filed and some judicial decisions have been published. In addition, ANPD (National Data Protection Authority) issued some guidance relevant to understanding the regulatory scenario, as well

On August 30, 2021, the Brazilian Data Protection Authority (ANPD) published a draft resolution on the application of the Brazilian General Data Protection Law (LGPD) for small businesses that process personal data. The draft presents exemptions with respect to several obligations provided for in the LGPD, especially for microenterprises, small businesses, startups and non-profit legal

On 20 August 2021, China’s much anticipated Personal Information Protection Law (PIPL) was passed. The new law will come into force on 1 November 2021. The PIPL, Cybersecurity Law and the new Data Security Law (which came into force on 1 September 2021) now form the main legal framework governing data security and the handling

On 18 June 2021, the UK Information Commissioner published a Commissioner’s Opinion (the “Opinion”) on the use of live facial recognition (“LFR”) technology in public spaces. Public spaces are defined broadly and include any non-residential space. The Opinion sets out that there is “a high bar” for businesses to meet.

Today, 21 June 2021, the European Data Protection Board (the “EDPB”) has published its final Recommendations 01/2020 on supplementary measures to ensure compliance with data protection laws when transferring personal data from Europe (the “Recommendations”).

The adoption of these Recommendations is the latest in a series of developments which demonstrate that it is

As the European Union finalizes new tools that raise the requirements to transfer personal data across borders, and as the trend toward localization and restricting cross-border movement of data continues to develop in Asia, organizations must reassess the rules that restrict sharing data internationally and revise their approach in response to this increasingly restrictive, complex