The European Data Protection Board (EDPB) recently published minutes of its last plenary meeting held in September 2021, which (in paragraph 2) shed light on how the EDPB may address one of the biggest open issues regarding data transfers from Europe — whether under General Data Protection Regulation (GDPR), Chapter V data…
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reigns on how the New SCCs cover data transfers and what companies need to do to take advantage of them and comply with regulatory implementation guidance, including in relation to…
On 13 April 2021, the British Virgin Islands (“BVI” or “Virgin Islands”) became the latest jurisdiction to enact a comprehensive information privacy law when the territory published the Data Protection Act, 2021 (the “DPA 2021” or the “Act”) in its Official Gazette. Despite being a territory of the United Kingdom, the Virgin…
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the GDPR. The decision signals European regulators’ growing scrutiny of how companies exercise discretion in incident response decisions….
The UK Information Commissioner’s Office (“ICO”) has published a letter sent to the U.S. Securities and Exchange Commission. The ICO confirms that it is possible for SEC regulated UK firms to transfer personal data to the U.S. where the transfer is necessary for important reasons of public interest (the derogation in Article…
Earlier this year, the European Data Protection Board (“EDPB”) issued additional guidance on the application of the General Data Protection Regulation (“GDPR”) in the area of scientific health research. In Key Takeaways from the Guidance, The EDPB: Confirmed that the informed consent that individuals must provide under ethical standards to participate in…