European Commission publishes new draft Article 28 clauses for consultation

Alongside, and perhaps in the shadow of, the European Commission publishing its long-awaited draft new Standard Contractual Clauses (the “New SCCs”) to address the restrictions imposed by the GDPR in relation to making international transfers of personal data  (for further details see our blog post here), the European Commission has also published a set of … Read more

China Cybersecurity and Data Protection: What you need to know about China’s draft Personal Information Protection Law

Mid-October marked the start of the formal legislative approval process for China’s proposed new law on personal information protection. The milestone draft Personal Information Protection Law (PIPL) underwent is first reading by the Standing Committee of the 13th National People’s Congress and was released for public consultation on 22 October 2020. For further details on … Read more

A change in approach to subject access? ICO Publishes Updated DSAR Guidance

Summary The ICO (the UK privacy regulator) has updated its guidance on data subject access rights, and the revised guidance appears to be aimed at giving organisations practical advice on managing and responding to subject access requests by including further detail and examples. Although the revised guidance has not changed dramatically, it is fair to … Read more

National Data Strategy: The UK’s Data Revolution

On 9 September, the UK Government published a National Data Strategy which places data at the core of the UK’s recovery from the COVID-19 pandemic. The UK Government aims to ensure that companies and organisations can use data to drive digital transformation and innovation and boost growth across the UK economy. This new strategy comes … Read more

German Regulator Publishes Schrems II ‘Checklist’

The Baden-Württemberg data protection authority (“LfDI”) has issued guidance to controllers and processors following the Schrems II judgement.  The guidance includes helpful, practical tips which entities can take with respect to their current and future international transfers. Whilst aimed primarily at organisations subject to the jurisdiction of the LfDI, the guidance may be helpful for … Read more

SCHREMS II FALLOUT CONTINUES: NEW SCCS AND EDPB GUIDANCE COMING SOON

On 3 September 2020, members of the European Parliament together with Max Schrems, the Commissioner for Justice and the Chairwoman of the European Data Protection Board (“EDPB”) met to discuss the future of EU-US data transfers in light of European Court of Justice’s (“ECJ”) decision in Schrems II. Read more

Schrems II: Reaction from European Regulators and Technology Companies Suggest an Uncomfortable Road Ahead for Transatlantic Data Transfers

To recap, last week, the European Court of Justice (“ECJ”) ruled that the Privacy Shield is invalid and placed significant emphasis on the due diligence which exporting controllers, recipients and supervisory authorities are expected to undertake in relation to transfers of personal data to third countries which are governed by the Standard Contractual Clauses (“SCCs”).  … Read more