Tagged as: Cross-Border Data Transfers

United States to Join Cross-Border Privacy Effort

The United States is making efforts to further ease the burden of managing cross-border data transfers amid vast and often divergent privacy regulations across the globe. In addition to the recent announcement from the EU and U.S. on agreement for the Trans-Atlantic Data Privacy Framework, as announced by the US…

Read More

U.S. and EU Reach Political Agreement On a New Trans-Atlantic Data Privacy Framework: The Implications for Businesses

On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…

Read More

UK Data Transfer Mechanism Comes Into Force

The International Data Transfer Agreement (“IDTA”), the long awaited mechanism for international transfers of personal data originating from the United Kingdom (“UK”), is now in force as of March 21, 2022, along with a separate addendum to the EU standard contractual clauses (“UK Addendum”). These transfer mechanisms were introduced by…

Read More

Israel's Privacy Regulator Relaxes Onward Transfers Restriction

In a draft opinion published today, the Israeli Privacy Protection Authority (IPPA) relaxed one of the most stringent requirements under Israel’s data protection law, which for years cast doubts over the legality of any onward transfer in case of a data transfer from Israel. The opinion states that onward transfers…

Read More

EDPB Defines a "Transfer" Under the GDPR

On 18 November 2021 the European Data Protection Board (“EDPB”) released its Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (“Guidelines”) for public consultation.  The Guidelines clarify one of the most vexing issues in…

Read More

Québec Adopts New Comprehensive Data Protection Law

On September 22, 2021, Bill 64, the Act to Modernize Legislative Provisions respecting the Protection of Personal Information[1] (the “Act”) received royal assent in Québec.  This important and comprehensive new data protection law will usher in significant changes to the protection of personal data in Québec, bringing the privacy regulatory…

Read More

China Publishes Draft Guidelines on Security Review Requirements for Data Exports

China’s new framework for regulating data transfers is beginning to take shape. On October 29, 2021, China’s cybersecurity regulator, the Cyberspace Administration of China (CAC), published draft guidelines outlining when and how data controllers must undergo a security assessment before transferring data out of China pursuant to the country’s recently-issued…

Read More

EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR: Another New Set of SCCs Seen

The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…

Read More

There's a New Regulator in Town: China Passes an Omnibus Data Privacy Law

On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee of China’s National People’s Congress, China’s top legislative body, and is slated to take effect on…

Read More

Europe Opts for Pragmatism with new SCCs and ICO Opens Consultations on UK SCC — What Companies Need to do Next

The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reigns on how the New SCCs cover data transfers and what companies need to do to take advantage of them and comply with regulatory implementation guidance, including in relation to…

Read More

12