Transfer of personal data between Europe/UK and Asia: Key changes and practical tips

Following the publication of the new EU Standard Contractual Clauses (“SCCs“) last year and their UK equivalent at the beginning of this year, any current arrangements for transferring personal data outside of Europe or the UK (e.g. international data transfer agreements involving a European or UK party) should be revisited and updated in the coming … Read more

Article published – Lloyd v Google: the upshot for data class actions

The exponential growth in the volume of data being collected and shared, along with the ease and reduced costs of gathering, analysing, using and exploiting data, has resulted in a corresponding increase in data protection laws and regulations. Against that background, data class actions have been a growing phenomenon, driven in part by the interest … Read more

Pseudonymised data is personal data – but in whose hands? ICO calls for views on third chapter of draft anonymisation guidance

On 7 February 2022, the Information Commissioner’s Office (“ICO“) announced the publication of the third chapter of its draft guidance on anonymisation, pseudoymisation and privacy enhancing technologies (the “Draft Guidance“). Following on from the first and second chapters published on 28 May 2021 and 8 October 2021, respectively, which focus on anonymisation, the new third … Read more

The UK’s International Data Transfer Agreement is laid before Parliament

Following the conclusion of the Information Commissioner’s Office (“ICO“) 2021 consultation on the UK’s draft international data transfer agreement and accompanying methodology, the Secretary of State laid before Parliament the final version of the transfer documents on 28 January 2022. Collectively, the following documents are intended to be used by organisations transferring personal data outside … Read more

HAPPY INTERNATIONAL DATA PRIVACY DAY: OUR PREDICTIONS FOR 2022

Happy International Data Privacy Day! And what better day than today, to explore what 2022 is likely to have in store for data and privacy? One year on from the introduction of the UK GDPR in a post-Brexit Britain. Two years on from the start of a global pandemic which forced a discussion around the … Read more

New Telecommunications Telemedia Data Protection Act (TTDSG) comes into effect on 1 December 2021

More legal clarity On 1 December 2021, a new law regulating data protection and privacy in telecommunications and telemedia will come into effect: the German Telecommunications Telemedia Data Protection Act (TTDSG). The TTDSG contains new provisions on digital legacy, privacy protection for terminal equipment and consent management. It intends to create more legal certainty and … Read more

US Federal Trade Commission Updates Safeguards Rule for Consumer Financial Information

The US Federal Trade Commission (the FTC) released the text of a Final Rule (the Final Rule) on October 27, 2021, amending the Standards for Safeguarding Consumer Information (the Safeguards Rule). Since 2003, the Safeguards Rule has set the data security standards applicable to certain non-banking financial institutions, as defined under the Gramm-Leach-Bliley Act of … Read more