On 22 May 2023, the Irish Data Protection Commission (“DPC”) fined Facebook parent Meta EUR 1.2 billion for transferring personal data to the U.S. in violation of GDPR. The DPC also ordered Meta to suspend further transfers unless it can bring such transfers into compliance within 5 months. Meta is…
On September 25, 2020, the Swiss Parliament approved revisions to Switzerland’s data protection law, the Federal Act on Data Protection of June 19, 1992 or FADP (“Revised FADP”). On August 31, 2022, the Swiss Federal Council decided that the Revised FADP will be brought into force on September 1st, 2023…
UPDATE: On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence that will form the basis of a new EU-U.S. Data Privacy Framework (“DPF”). The DPF, which President Biden and European…
On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…
On January 12, 2022, the French data protection authority, Commission nationale de l’informatique et des libertés, issued guidance on the reuse of personal data by processors for their own purposes under the EU General Data Protection Regulation. The guidance addresses one of the most common — and hotly contested — aspects of…
On January 6, 2022, the Israeli government released a long anticipated bill amending and updating Israel’s 1981 Privacy Protection Act (PPA) (the Bill). If passed, the Bill would constitute the most comprehensive update of the PPA in more than two decades. Primarily, the Bill greatly enhances the enforcement and investigation…
In a draft opinion published today, the Israeli Privacy Protection Authority (IPPA) relaxed one of the most stringent requirements under Israel’s data protection law, which for years cast doubts over the legality of any onward transfer in case of a data transfer from Israel. The opinion states that onward transfers…
Now that 2021 came to a close, what does our crystal ball predict for privacy developments in 2022? Here’s a quick rundown. Law and policy developments In 2022, expect an avalanche of new laws and regulations, attempting to govern and impose order on a dizzying array of tech developments. New…
The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…
On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee of China’s National People’s Congress, China’s top legislative body, and is slated to take effect on…