fbpx

Download free GDPR compliance checklist!

Tag Archives for " data transfer "

EU Commission fears UK data protection regime ‘may change in the future’

The European Commission has concerns that certain aspects of the UK’s data protection regime may change in the future and negatively impact the safety of EU personal data when transferred to the country.

The EU executive is conducting an assessment of the UK’s data protection landscape as part of a so-called ‘adequacy-decision,’ in order to determine if EU data can safely be transferred to the UK after Brexit.

“While the UK applies EU data protection rules during the transition period, certain aspects of its system may change in the future, such as rules on international transfers,” a Commission source told EURACTIV on Tuesday (22 September).

Source: Commission fears UK data protection regime ‘may change in the future’ – EURACTIV.com

Facebook denies it will pull service in Europe over data transfer ban

Facebook’s head of global policy has denied the tech giant could close its service to Europeans if local regulators order it to suspend data transfers to the U.S. following a landmark Court of Justice ruling in July that has cemented the schism between U.S. surveillance laws and EU privacy rights.

However, he also warned of “profound effects” on scores of digital businesses if a way is not found by lawmakers on both sides of the pond to resolve the legal uncertainty around U.S. data transfers — making a pitch to politicians to come up with a new legal “sticking plaster” for EU-U.S. data transfers now that a flagship arrangement, called Privacy Shield, is dead.

Source: Facebook denies it will pull service in Europe over data transfer ban | TechCrunch

Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling

The creators of the data protection market standard for cloud, the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer of personal data outside the EU.

Once approved by data protection authorities, the solution could be an alternative to the recently annulled EU-U.S. Privacy Shield, previously relied on by thousands of businesses who now face disruption and uncertainty when transferring EU citizens’ data across the Atlantic.

Source: Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling: EU Cloud CoC

Council of Europe Suggests Convention 108+ as Schrems II Data Transfer Solution

“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,” say Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter, Data Protection Commissioner of the Council of Europe.

“Being Party to the Convention 108+ could in the future also facilitate the case-by-case assessment that companies are required to do [following the Schrems II judgement] in the context of standard contractual clauses, regarding the essentially equivalent level of protection to be guaranteed”.

Source: Council of Europe Suggests Convention 108+ as Schrems II Data Transfer Solution

Facebook appealing order by Ireland’s privacy regulator that could halt EU-US data transfers

Facebook is appealing a preliminary order from the Irish Data Protection Commission (IDPC) that the social media company says would require it to stop data transfers between the US and the European Union.

The IDPC sent a preliminary order to Facebook last month directing the company to suspend data transfers to the US about EU users. The order is the first attempt by an EU regulator to enforce a ruling by the EU’s Court of Justice, which invalidated Privacy Shield, a data-sharing protocol that allowed American companies to transfer personal information about EU citizens to the US for processing.

Source: Facebook appealing order by Ireland’s privacy regulator that could halt EU-US data transfers – The Verge

Swiss Privacy Regulator Rules U.S.-Swiss Privacy Shield Not Adequate

On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has determined that the U.S.-Swiss Privacy Shield does not meet the “requirements of adequate data protection as defined by the FADP (Swiss Federal Act on Data Protection).”

It issued a policy paper offering advice on transferring data to countries not on its list of nations with adequate safeguards.

Source: Swiss Privacy Regulator Rules U.S.-Swiss Privacy Shield Not Adequate

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

European Parliament Held Meeting on Future of EU-U.S. Data Flows

On September 3, 2020, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament held a meeting to discuss the future of EU-U.S. data flows following the Schrems II judgment of the Court of Justice of the European Union (CJEU).

In addition to Members of the European Parliament , the meeting’s participants included Justice Commissioner Didier Reynders, European Data Protection Board (EDPB) Chair Andrea Jelinek and Maximilian Schrems. Importantly, Commissioner Reynders stated during the meeting that the new Standard Contractual Clauses might be adopted by the end of 2020, at the earliest.

Source: European Parliament Meeting on Future of EU-U.S. Data Flows

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg published guidance on international transfers of personal data following the Schrems II judgment.

This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the Schrems II decision. As well as including a Schrems II compliance checklist, it provides some recommendations on modifying the Standard Contractual Clauses to allow the parties to document their intent to act in accordance with the law.

Source: German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

EU websites’ use of Google Analytics and Facebook Connect targeted by post-Schrems II privacy complaints

A month after Europe’s top court struck down a flagship data transfer arrangement between the EU and the US as unsafe, European privacy campaign group, noyb, has filed complaints against 101 websites with regional operators which it’s identified as still sending data to the US via Google Analytics and/or Facebook Connect integrations.

Among the entities listed in its complaint are ecommerce companies, publishers & broadcasters, telcos & ISPs, banks and universities — including Airbnb Ireland, Allied Irish Banks, Danske Bank, Fastweb, MTV Internet, Sky Deutschland, Takeaway.com and Tele2, to name a few.

Source: EU websites’ use of Google Analytics and Facebook Connect targeted by post-Schrems II privacy complaints | TechCrunch

1 2 3 23
>