A sneaky entry into the June data wrap given that it was actually announced on Monday 10 July, but the European Commission (the “Commission“) has now adopted its adequacy decision for the EU-US Data Privacy Framework (the “Framework“). The decision means that personal data can now freely flow to organisations participating in the Framework without … Read more

In light of the multiple announced investigations across Europe in relation to Open AI and its Chat GPT Service, April saw the EDPB launch a dedicated task force to “foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities”. The speed with which this coordinated taskforce was set up highlights … Read more

March saw the UK Government recommence its efforts to reform the UK data regime by introducing the aptly named “Data Protection and Digital Information Bill (No.2)” to Parliament on 8 March 2023. The second draft bill supersedes the original version that was paused in September to allow ministers to rethink their approach and engage in … Read more

Happy International Data Privacy Day for Saturday! And what better reason than that to explore what 2023 is likely to have in store for data and privacy? We are just over one year on from the UK government hinting that it might think outside the box in terms of data protection regulation. Two years on … Read more

Now that the deadlines have passed for implementing: EU Standard Contractual Clauses (“EU SCCs”) into all new and existing contractual arrangements involving restricted transfers of data under the EU GDPR; and the UK equivalent to the EU SCCs (the UK specific International Data Transfer Agreement (“IDTA“) or the EU SCCs in combination with the UK … Read more

On 7 February 2022, the Information Commissioner’s Office (“ICO“) announced the publication of the third chapter of its draft guidance on anonymisation, pseudoymisation and privacy enhancing technologies (the “Draft Guidance“). Following on from the first and second chapters published on 28 May 2021 and 8 October 2021, respectively, which focus on anonymisation, the new third … Read more

On 13 January 2022, the draft Guidelines for Identification of Critical Data (“Draft Guidelines“) were released. The public consultation period will end on 13 March 2022.  This is a key step for the full enforcement of the Data Security Law (“DSL“) which came into force on 1 September 2021. Read more

 G20 nation moves to modernised privacy code for online platforms, including binding rules. The proposed scope – and stakes for industry players – is substantial. On 25 October 2021, the Australian Attorney-General’s department released, for public consultation, an exposure draft bill introducing amendments to the Privacy Act 1988 (Cth) (the Privacy Legislation Amendment (Enhancing Online Privacy and … Read more