Last month, the European Data Protection Board – which is composed of the national data protection authorities (‘Supervisory Authorities’) of the countries in the European Economic Area (‘EEA’), as well as the European Data...more
It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the...more
Last month, the European Union’s new Data Governance Act (DGA) came into effect. Our Privacy, Cyber & Data Strategy Group provides an overview of the key features of the DGA and discusses how the new law may impact businesses...more
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal...more
The European Commission has approved the EU-U.S. Data Privacy Framework (DPF) for transferring data from the EU to the United States. Our Privacy, Cyber & Data Strategy Team discusses what companies should consider when...more
BACKGROUND - U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the...more
What Happened? On July 10, 2023, the European Commission (‘EC’) adopted its long-awaited adequacy decision approving the EU-U.S. Data Privacy Framework (‘DPF’). By doing so, the EC is confirming that personal data...more
On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for...more
On May 23, 2023, the European Commission together with ASEAN (the Association of Southeast Asian Nations) published guidance that identifies commonalities and differences between the EU Standard Contractual Clauses for...more
In August 2020, privacy activist organization NOYB – European Center for Digital Rights filed 101 complaints with the EU Supervisory Authorities (‘SAs’) in connection with the transfer of personal data from Europe to...more
What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the...more
Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already). WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows...more
On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of...more
On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which...more
The Data Strategy Webinar Series spotlights cutting-edge issues in privacy and cybersecurity. This session will feature the latest developments regarding SCCs and data transfers out of Europe, including a discussion of...more
On June 4th, the European Commission issued modernized Standard Contractual Clauses (SCCs) under the EU General Data Protection Regulation (GDPR) for data transfers from controllers or processors in the EU/EEA (or otherwise...more
Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests...more
Our Privacy, Cyber & Data Strategy Team offers 10 observations companies can use to better understand the EU’s overhaul of the standard contractual clauses that allow compliance with the General Data Protection Regulation’s...more
In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between...more
Executive Summary - The Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ Case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of...more