A sneaky entry into the June data wrap given that it was actually announced on Monday 10 July, but the European Commission (the “Commission“) has now adopted its adequacy decision for the EU-US Data Privacy Framework (the “Framework“). The decision means that personal data can now freely flow to organisations participating in the Framework without … Read more

On 22 May 2023, following the adoption of a binding decision by the EDPB, the Irish Data Protection Commissioner (“DPC“) concluded its own-volition inquiry against Meta regarding the legality of international data transfers from Meta Ireland to the US. The DPC concluded that such transfers infringed the GDPR and directed Meta to suspend its transfers … Read more

On 22 May 2023, following the adoption of a binding decision by the European Data Protection Board (the “EDPB“), the Irish Data Protection Commissioner (“DPC“) concluded its own-volition inquiry against Meta regarding the legality of international data transfers from Meta Ireland to the US. The DPC concluded that such transfers infringed the GDPR and directed … Read more

In light of the multiple announced investigations across Europe in relation to Open AI and its Chat GPT Service, April saw the EDPB launch a dedicated task force to “foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities”. The speed with which this coordinated taskforce was set up highlights … Read more

The UK’s Information Commissioner’s Office (“ICO“) has fined Tik Tok Information Technologies UK Limited and TikTok Inc (“TikTok“) £12.7 million for breaching the UK GDPR, in particular for failing to protect children’s privacy. The ICO had previously issued a notice of intent to fine TikTok £27 million for various data protection law breaches between May … Read more

March saw the UK Government recommence its efforts to reform the UK data regime by introducing the aptly named “Data Protection and Digital Information Bill (No.2)” to Parliament on 8 March 2023. The second draft bill supersedes the original version that was paused in September to allow ministers to rethink their approach and engage in … Read more

Happy International Data Privacy Day for Saturday! And what better reason than that to explore what 2023 is likely to have in store for data and privacy? We are just over one year on from the UK government hinting that it might think outside the box in terms of data protection regulation. Two years on … Read more

Now that the deadlines have passed for implementing: EU Standard Contractual Clauses (“EU SCCs”) into all new and existing contractual arrangements involving restricted transfers of data under the EU GDPR; and the UK equivalent to the EU SCCs (the UK specific International Data Transfer Agreement (“IDTA“) or the EU SCCs in combination with the UK … Read more