China relaxes measures on cross-border data transfers from China

The Cyberspace Administration of China (CAC) has released draft provisions which will relax the current requirements on cross border data transfers. The draft provisions set out exemptions from the need to comply with one of the three transfer mechanisms that would otherwise be required, namely (i) CAC assessment (ii) China’s standard contract or China standard … Read more

A cautious approach: What does the EU-US adequacy decision actually mean for international data transfers?

On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-US Data Privacy Framework (“DPF“) finding that data transfers from Europe to the US pursuant to the DPF would benefit from an adequate level of data protection. The adoption of the adequacy decision provides some much-needed certainty around EU-US international data … Read more

China’s Standard Contract widely adopted by MNCs to transfer personal data from China

China’s Standard Contract, also known as Standard Contract Clauses (SCCs), is a legal instrument that enables multinational corporations (MNCs) to transfer personal data from China to other countries or regions. It is one of the three legal mechanisms for cross-border data transfer under Chinese data protection laws. A security assessment conducted by the Cyberspace Administration … Read more

June Data Wrap: A snapshot of key regulatory developments

A sneaky entry into the June data wrap given that it was actually announced on Monday 10 July, but the European Commission (the “Commission“) has now adopted its adequacy decision for the EU-US Data Privacy Framework (the “Framework“). The decision means that personal data can now freely flow to organisations participating in the Framework without … Read more

May Data Wrap: A snapshot of key regulatory developments

On 22 May 2023, following the adoption of a binding decision by the EDPB, the Irish Data Protection Commissioner (“DPC“) concluded its own-volition inquiry against Meta regarding the legality of international data transfers from Meta Ireland to the US. The DPC concluded that such transfers infringed the GDPR and directed Meta to suspend its transfers … Read more

FOLLOWING META, WHAT NEXT FOR INTERNATIONAL DATA TRANSFERS?

On 22 May 2023, following the adoption of a binding decision by the European Data Protection Board (the “EDPB“), the Irish Data Protection Commissioner (“DPC“) concluded its own-volition inquiry against Meta regarding the legality of international data transfers from Meta Ireland to the US. The DPC concluded that such transfers infringed the GDPR and directed … Read more

The Cyberspace Administration of China issues guidance on filing the standard contract for outbound cross-border transfer of personal information

On 30 May 2023, the Cyberspace Administration of China (CAC) issued the first edition of guidance on filing for the standard contract for outbound cross-border transfer of personal information (Standard Contract). On 1 June 2023, the Measures for the Standard Contract for Outbound Cross-border Transfer of Personal Information (Measures) will come into force, introducing the … Read more

March Data Wrap: A snapshot of key regulatory developments

March saw the UK Government recommence its efforts to reform the UK data regime by introducing the aptly named “Data Protection and Digital Information Bill (No.2)” to Parliament on 8 March 2023. The second draft bill supersedes the original version that was paused in September to allow ministers to rethink their approach and engage in … Read more