Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
No Password Required: Founder of Cybersafe Foundation and an Obama Foundation Africa Leaders Fellow, Who Is Comfortable in the API Kitchen
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Compliance with the New EU-US Data Privacy Framework
Life With GDPR - Data Transfer Update
Anonymization and AI: Critical Technologies for Moving eDiscovery Data Across Borders
Digital Trade: Key Trends and Developments to Watch
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
In-house Roundhouse: Antitrust and the Tech Industry
Cross-Border Data Transfers and the EU-US Data Privacy Tug of War
Privacy Talk | The New Swiss Data Protection Act
Compliance Perspectives: The Privacy and Data Security Track at the 2020 Compliance & Ethics Institute
Update on Global Data Privacy Regulations by John Jackson
Nota Bene Episode 93: Navigating the New Global Cybersecurity Compliance Landscape with Scott Giordano
What's Next after the Schrems II Decision of ECJ
Compliance Perspectives: The End of the Privacy Shield
Nota Bene Episode 89: European Q3 Check In - Merger Clearance and Data Protection Court Rulings and Brexit Updates with Oliver Heinisch
IAPP Global Privacy Summit Recap, Big Questions, and Indiana Jones Analogies
On June 19, 2025, the UK Data (Use and Access) Act 2025 was enacted, marking the culmination of a lengthy legislative process aimed at reshaping aspects of the country’s data protection regime. First proposed in 2021 as part...more
On May 14, 2025, the European Data Protection Board ("EDPB") issued a favorable opinion on granting a six-month extension to the existing adequacy decisions for the UK, following a formal proposal from the European...more
Why should I read this? A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
2023 is shaping up to be a landmark year for data privacy, on both sides of the Atlantic. In the US, four new state laws go into effect – two on July 1 – while California is expanding its already robust requirements, and...more
On July 10, 1962, NASA launched Telstar 1, the first active communications satellite linking Europe and the United States through live television transmission. Sixty-one years later, on July 10, 2023, the European Commission...more
On March 8, 2023, the U.K. Secretary of State for Science for Innovation and Technology announced the publication of the Data Protection and Digital Information (No.2) Bill. This new version of the Data Protection and Digital...more
2022 was yet another eventful year in terms of GDPR compliance. The continued evolution of the enforcement landscape, with increasing number of sanctions and individuals exercising their rights required time and attention...more
On 17 November 2022, the Information Commissioner's Office (“ICO”) announced that it has updated its guidance on international data transfers. In its announcement, the ICO outlined its intention to “clarify an alternative...more
Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data. As of September...more
In May 2020, we published a blog post about the US-UK Data Access Agreement, a first-of-its-kind reciprocal agreement between the US and the UK. Under the agreement, law enforcement agencies in either country could obtain...more
On 17 June 2022, the UK government published its refined plans for reforming UK data protection law, following a detailed consultation exercise undertaken last year. The proposals form part of wider changes to the UK...more
Since the Schrems II 2020 judgment famously “cancelled” the EU/U.S. Privacy Shield program for personal data flows from the EU to the United States, it would be an understatement to say that U.S.-bound personal data flows...more
Two new United Kingdom (“UK”) data transfer mechanisms, the International Data Transfer Agreement (“IDTA”) and the International Data Transfer Addendum (“UK Addendum”) to the European Union’s (“EU”) new standard contractual...more
In February 2022, the United Kingdom (UK) Information Commissioner’s Office (“ICO”), along with the data protection authority (“DPA”) in the UK, published three new documents ("UK Documents") which update the UK's position on...more
The U.K. Information Commissioner’s Office (UK ICO) recently confirmed the options and clarified the timing of new data transfer agreements for transfers of personal data out of the U.K. The situation has been somewhat...more
Post-Brexit, the UK is no longer a member state of the European Union, meaning that the data protection regime that applies to UK-related processing is separate from – but currently remains similar to – that which applies to...more
Under the EU General Data Protection Regulation (EU GDPR) and the UK Data Protection Act 2018 (UK GDPR) (together the GDPR), even if an organisation is not established in the European Economic Area (EEA) or United Kingdom it...more
On June 4, 2021, the European Commission adopted a new, highly anticipated set of standard contractual clauses to facilitate the transfer of personal data out of the European Economic Area (“EEA”) in accordance with the...more
On 11 August, the UK Information Commissioner’s Office launched a consultation paper on “International transfers under UK GDPR”. The documents released alongside the paper include a draft International Data Transfer Agreement...more
On 28 June, the European Commission adopted its Adequacy Decision for the UK, putting to an end (at least for now), the uncertainty surrounding EU to UK personal data flows. This averted a “cliff edge” in the shape of the 30...more
The guidance outlines how organisations should approach international transfers and confirms examples of supplemental measures that can be adopted to ensure ongoing compliance and seeking to de-mystify earlier uncertainty. ...more
The UK is approaching 6 months since it officially left the EU on 31 December 2020, yet the post-Brexit landscape remains far from settled. Below we have outlined some key impending changes, as well as continuities, that...more
Orrick's Cyber, Privacy & Data Innovation and IP Licensing & Technology Transactions groups cover the top 10 things you need to know about the new Standard Contractual Clauses ("SCCs") published today by the European...more
The end of the Brexit transition period is upon us. As of 1 January 2021, the UK is a 'third country' under the EU General Data Protection Regulation (GDPR), though the transition period has been extended for up to six months...more
The myriad of data privacy laws across Europe can make it challenging for companies engaged in cross-border business. Between the GDPR, the landmark Schrems II decision, local data privacy laws and Brexit complications...more