HAPPY INTERNATIONAL DATA PRIVACY DAY: OUR PREDICTIONS FOR 2023

Happy International Data Privacy Day for Saturday! And what better reason than that to explore what 2023 is likely to have in store for data and privacy? We are just over one year on from the UK government hinting that it might think outside the box in terms of data protection regulation. Two years on … Read more

Transfer Impact Assessments – divergence between EDPB and ICO approaches

Now that the deadlines have passed for implementing: EU Standard Contractual Clauses (“EU SCCs”) into all new and existing contractual arrangements involving restricted transfers of data under the EU GDPR; and the UK equivalent to the EU SCCs (the UK specific International Data Transfer Agreement (“IDTA“) or the EU SCCs in combination with the UK … Read more

President Biden’s Executive Order implements EU-US data privacy framework

President Biden recently issued an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the Privacy EO) outlining steps that the US Government is taking to implement the US commitments under the European Union-US Data Privacy Framework (the Privacy Framework) that the US and the European Commission (EC) announced in March 2022 to … Read more

New guidance on the CAC security assessment for cross-border data transfer

On 31 August 2022, the Cyberspace Administration of China (“CAC“) published the Guidelines on the Application of Security Assessment of Cross-border Transfer of Data (“Guidelines“) to clarify how organisations in China can apply to CAC for a security assessment for cross-order data transfer, a requirement stipulated under the Measures for Security Assessment of Cross-border Transfer … Read more

Journey to global privacy harmonisation: Australia joins the Global Cross-Border Privacy Rules Forum certification system

On 17 August 2022, the Australian Government announced that Australia joined the Global Cross-Border Privacy Rules (Global CBPR) Forum.[1] The Forum, launched in April 2022, establishes a certification system to help companies in participating jurisdictions demonstrate compliance with internationally-recognised privacy standards, with the aim of fostering interoperability and international data flows.[2] Read more

WHAT WE KNOW SO FAR ABOUT THE NEW TRANS-ATLANTIC DATA PRIVACY FRAMEWORK

Summary Following the European Commission’s (“EC”) announcement of the new Trans-Atlantic Data Privacy Framework (the “Framework”) earlier this year, Lawyer and privacy activist Max Schrems’ organisation, NOYB, recently issued an open letter to EU and US officials arguing that the proposed framework is unlikely to withstand legal challenge and overly resembles its predecessor, the now-defunct … Read more

IMPORTANT UPDATES ON CROSS-BORDER DATA TRANSFER IN CHINA

Under the PRC Personal Information Protection Law (“PIPL“) which became effective on 1 November 2021, a transfer of personal information outside of China requires multiple conditions to be met. Personal information can only be transferred overseas upon obtaining separate consent from the data subjects, conducting a personal information protection impact assessment (“PIA“) and complying with … Read more