China Cybersecurity and Data Protection: Monthly Update – July 2021 Issue

Key highlights – our comments on the cybersecurity probe into DiDi and the draft of the revised Measures on Cybersecurity Review In early July, the Cyberspace Administration of China (CAC) announced that it had initiated cybersecurity review on three companies, namely DiDi, Boss Zhipin and Full Truck Alliance, and during the review the three companies … Read more

British Airways data class action settles

Following a stay of proceedings to pursue ADR, a number of the claims being pursued as part of the Group Litigation known as the British Airways Data Event Group Litigation (the “BA GLO”) have now been settled. We last updated on the procedural developments in this case in February 2021, when a ruling was given … Read more

EDPB issues finalised Schrems II guidance on ensuring compliance for data transfers

In a busy few weeks for international data transfers following the publication of final standard contractual clauses for both the international transfer of personal data to third countries (“SCCs“) (see our blog post here)  and Article 28 clauses (see our blog post here), as well as the European Commission adopting two adequacy decisions for the … Read more

European Commission publishes final Article 28 clauses

Simultaneous with the European Commission publishing its final standard contractual clauses for the international transfer of personal data (see our blog post here for further information) (the “New SCCs“), they have now published a final set of standalone Article 28 clauses for use between controllers and processors in the EU, also termed ‘standard contractual clauses’ … Read more

ICO PUBLISHES CALL FOR VIEWS ON ANONYMISATION GUIDANCE

Background On 28 May 2021, the Information Commissioner’s Office (“ICO“) published a call for views on the first draft chapter of its anonymisation, pseudonymisation and privacy enhancing technologies draft guidance). This first chapter is part of a series of chapters of guidance that the ICO will be publishing on anonymisation and pseudonymisation and their role … Read more

European Commission publishes final Standard Contractual Clauses

Seven months after the European Commission published its draft new Standard Contractual Clauses for data transfers between EU and non-EU countries (the “Draft SCCs“) for consultation (see our blog post here (the “Draft SCCs Blog“)), they have now published a finalised set of Standard Contractual Clauses (“Final SCCs“) with little fanfare (available here). It should … Read more

China Cybersecurity and Data Protection: Monthly Update – May 2021 Issue

This e-bulletin summarises the latest developments in cybersecurity and data protection in China with a focus on the regulatory, enforcement, industry and international developments in this area. Our highlights In late April, we saw the second reading of the proposed Personal Information Protection Law (PIPL) and Data Security Law (DSL) by the Standing Committee of … Read more