fbpx

Download free GDPR compliance checklist!

Tag Archives for " data transfer "

Microsoft promises to challenge all government requests for customer data

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said.

Source: Microsoft promises to challenge all government requests for customer data | IT PRO

European Commission Publishes Draft of New Standard Contractual Clauses

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (GDPR), along with its draft set of new standard contractual clauses (SCC).

The SCCs are open for public consultation until December 10, 2020, and feedback may be submitted here. The adoption process for the SCCs requires an opinion of the European Data Protection Board and the European Data Protection Supervisor, and the positive vote of EU Member States through the comitology procedure. The final SCCs are expected to be adopted in early 2021.

Source: European Commission Publishes Draft of New Standard Contractual Clauses

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), the European Data Protection Board (EDPB) on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

The EDPB on November 11 issued two sets of recommendations. The first set of recommendations covers the assessment and supplementary measures data exporters may need to adopt to ensure compliance with the EU level of personal data protection (“Supplementary Measures Recommendations”). The second set of recommendations lays down the elements to be used to examine whether surveillance measures allowing access to personal data by public authorities in a third country can be regarded as a justifiable interference with the level of data protection guaranteed in principle by the EU (“European Essential Guarantees Recommendations”).

These recommendations are applicable immediately but are open for public consultation until November 30.

Source: European Data Protection Board Issues Schrems II Recommendations

Privacy Shield Is Gone. So What Now?

With companies no longer able to rely on Privacy Shield for protection, companies have two main options available to them: to localize data storage and/or to strengthen their SCCs.

Other options include strong encryption, use of federated data and differential privacy.

The revocation of Privacy Shield does not have to result in a security vacuum. On the contrary, a secure data solution can protect a company from even the most stringent regulations.

Full article: Privacy Shield Is Gone. So What Now? – CPO Magazine

EU data transfer laws might destroy Transatlantic commerce

Data privacy decisions from Europe this summer may have a large impact Transatlantic commerce.

In fact, if the U.S. and the EU don’t find a way to overcome the sudden hurdles placed in front of Transatlantic commerce, billions of dollars in trade are in jeopardy. Whether Congress takes the easy way, or trade representatives and courts are compelled to take the hard way, the cost of not seeking a resolution to this uncertainty is enormous.

Full article: EU data transfer laws might destroy Transatlantic commerce | TheHill

Schrems gets a judicial review of the Irish DPC’s procedure

European privacy campaigner Max Schrems has been granted a judicial review of the Irish regulator’s handling of his complaint.

He’s expecting the hearing to take place before the end of the year — and is hoping the action will, at long last, lead to a suspension of Facebook’s EU-US data transfers.

Schrems says his aim is to “kick start a ‘paused’ complaints procedure’” after Ireland’s Data Protection Commission (DPC) chose to open a new case procedure last month — simultaneously pausing its handling of his original complaint, which dates back some seven years at this point.

Source: Facebook EU-US data transfer complaint: Schrems gets a judicial review of the Irish DPC’s procedure | TechCrunch

UK government under pressure to prove data adequacy to EU

The UK government is coming under increasing pressure to convince Brussels regulators that the country’s data protection landscape is fit for EU personal data, amid wider concerns that UK surveillance practices compromise the security of EU standards.

On 13 October the UK’s upper chamber, the House of Lords, published a report on the future relationship between the UK and the EU in the business world, highlighting their worry that “there is a possibility that the Commission may not grant the UK a data adequacy decision,” for data transfers from the bloc after the Brexit transition period concludes at the end of the year.

“We call on the Government to push for the assessment to be concluded as soon as possible, to give businesses in the UK and EU legal certainty and time to prepare,” the Lords’ report added.

Source: UK government under pressure to prove data adequacy to EU – EURACTIV.com

France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers

France’s data regulator CNIL has issued some recommendations for French services that handle health data, as Mediapart first reported.

Those recommendations follow a landmark ruling by Europe’s top court in July. The ruling, dubbed Schrems II, struck down the EU-U.S. Data Privacy Shield. Under the Privacy Shield, companies could outsource data processing from the EU to the U.S. in bulk. Due to concerns over U.S. surveillance laws, that mechanism is no longer allowed.

The CNIL is going one step further by saying that services and companies that handle health data should also avoid doing business with American companies — it’s not just about processing European data in Europe. Once again, this is all about avoiding falling under U.S. regulation and rulings.

Source: France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers | TechCrunch

CJEU ruling puts in danger EU-UK adequacy talks

This week, the CJEU issued a ruling that could spring a leak and potentially sink adequacy negotiations between the U.K. and EU.

CJEU ruled to restrict surveillance activities on phone and internet data by EU member states but specifically to regimes in Belgium, France and the U.K. The decision means governments have limited grounds for mass data retention unless they face a “serious threat to national security.” Additionally, access to phone and internet data, as well as the duration of that access, should be determined based on necessity.

The U.K. is chief among those affected by the court’s ruling as the clock winds down on its Brexit transition period, which is set to expire with or without an adequacy decision from the EU December 31. Doubts about an adequacy agreement already loomed, but the latest CJEU ruling further clouds a potential deal.

Source: CJEU throws wrinkle into EU-UK adequacy talks

New mechanism for EU data transfers ‘may be ready by Christmas’

A revised mechanism for transferring EU data outside of the EU may be ready by Christmas, according to the EU’s digital chief.

The new plan comes after the Schrems II ruling by the Court of Justice of the European Union in July, which invalidated the EU-US Privacy Shield transfer mechanism and upheld Standard Contractual Clauses (SCCs).

Source: New mechanism for EU data transfers ‘may be ready by Christmas’

1 2 3 24
>