National Data Strategy: The UK’s Data Revolution

On 9 September, the UK Government published a National Data Strategy which places data at the core of the UK’s recovery from the COVID-19 pandemic. The UK Government aims to ensure that companies and organisations can use data to drive digital transformation and innovation and boost growth across the UK economy. This new strategy comes … Read more

German Regulator Publishes Schrems II ‘Checklist’

The Baden-Württemberg data protection authority (“LfDI”) has issued guidance to controllers and processors following the Schrems II judgement.  The guidance includes helpful, practical tips which entities can take with respect to their current and future international transfers. Whilst aimed primarily at organisations subject to the jurisdiction of the LfDI, the guidance may be helpful for … Read more

SCHREMS II FALLOUT CONTINUES: NEW SCCS AND EDPB GUIDANCE COMING SOON

On 3 September 2020, members of the European Parliament together with Max Schrems, the Commissioner for Justice and the Chairwoman of the European Data Protection Board (“EDPB”) met to discuss the future of EU-US data transfers in light of European Court of Justice’s (“ECJ”) decision in Schrems II. Read more

Schrems II: Reaction from European Regulators and Technology Companies Suggest an Uncomfortable Road Ahead for Transatlantic Data Transfers

To recap, last week, the European Court of Justice (“ECJ”) ruled that the Privacy Shield is invalid and placed significant emphasis on the due diligence which exporting controllers, recipients and supervisory authorities are expected to undertake in relation to transfers of personal data to third countries which are governed by the Standard Contractual Clauses (“SCCs”).  … Read more

COVID-19: ICO publishes details of its regulatory approach during COVID-19 (UK)

The ICO has published details of its regulatory approach during the ongoing COVID-19 emergency; this is an approach which should reassure entities who are adapting to the economic and practical realities of operating in the current climate, as well as balancing their data protection obligations.  The UK regulator has continued to be reasonable and pragmatic, … Read more

Revised ePrivacy Regulation Draft introduces ability for organisations to rely on “Legitimate Interests” legal basis in relation to cookies

Another revised draft ePrivacy Regulation (“ePR”) was recently published which introduces the ability for organisations to rely on the “legitimate interests” legal basis to drop cookies on end users’ devices. This change has been criticised by some commentators for ambiguities and watering down data protection rights despite accompanying safeguards. It remains to be seen if … Read more

COVID-19: SFC extends deadline for data storage compliance (Hong Kong)

The Hong Kong Securities and Futures Commission (SFC) has extended its deadline for licensed corporations to confirm compliance with its new data storage regulations, due to the COVID-19 outbreak. On 31 March 2020, the SFC granted a six-month extension to the implementation deadline for aspects of its 31 October 2019 circular on the use of external electronic data storage … Read more