Happy International Data Privacy Day: Our predictions for 2021

    Happy International Data Privacy Day! And what better day than today, to explore what 2021 is likely to have in store for data and privacy? Almost three years after the EU General Data Protection Regulation (GDPR) came into force, and now 28 days since the UK GDPR replaced it in the UK following Brexit, data … Read more

    EDPB and ICO respond to the Brexit data transfer window

    As most in the data community are aware, the EU-UK Trade and Cooperation Agreement (the “Brexit Deal”) was agreed on Christmas Eve and provides for an interim period (up to a maximum of six months ending on 30 June 2021) whereby data transfers from Europe to the UK will not be treated as transfers to … Read more

    ENSURING COMPLIANCE WITH ELECTRONIC MARKETING RULES: A CLOSER LOOK AT SOFT OPT-IN CONSENT

    The ICO’s recent decision to take enforcement action against a number of organisations (both in the form of investigations and regulatory fines) for sending unsolicited email and text based electronic marketing communications to individuals should serve to prompt organisations to take stock of the ways in which they promote their products and services using electronic … Read more

    EU-UK Brexit Deal grants an interim data transfer window

    On Christmas Eve, the EU and UK announced that they had reached an agreement on their future relationship, which we expect to come into effect on 1 January 2021 (the “Brexit Deal”). Further details of the deal itself will be discussed by my colleagues on our Beyond Brexit blog, available here. And for the most … Read more

    European Commission publishes new draft Article 28 clauses for consultation

    Alongside, and perhaps in the shadow of, the European Commission publishing its long-awaited draft new Standard Contractual Clauses (the “New SCCs”) to address the restrictions imposed by the GDPR in relation to making international transfers of personal data  (for further details see our blog post here), the European Commission has also published a set of … Read more

    China Cybersecurity and Data Protection: What you need to know about China’s draft Personal Information Protection Law

    Mid-October marked the start of the formal legislative approval process for China’s proposed new law on personal information protection. The milestone draft Personal Information Protection Law (PIPL) underwent is first reading by the Standing Committee of the 13th National People’s Congress and was released for public consultation on 22 October 2020. For further details on … Read more

    European Commission publishes new draft Standard Contractual Clauses for consultation

    Hot on the heels of the EDPB’s guidance on ‘supplementary measures’ with respect to international data transfers as a result of the Schrems II judgment (for further details see our blog post here), the European Commission has now published its long-awaited draft new Standard Contractual Clauses (the “New SCCs”) for consultation. Legal Background Chapter V … Read more

    EDPB ISSUES SCHREMS II GUIDANCE ON ENSURING COMPLIANCE FOR DATA TRANSFERS

    The Schrems II judgment from the Court of Justice of the European Union (read our blog post here) raised the bar for transfers of personal data to third countries by making clear that where Standard Contractual Clauses (“SCCs”) are being used, a level of due diligence needs to take place before any transfer can be … Read more