fbpx

Download free GDPR compliance checklist!

Tag Archives for " data transfer "

No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs

European data watchdogs have issued updated guidance in the wake of last week’s landmark ruling striking down a flagship transatlantic data transfer mechanism called Privacy Shield.

In an FAQ on the Schrems II judgement, the European Data Protection Board (EDPB) warns there will be no regulatory grace period.

Source: No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs | TechCrunch

EDPB Adopts Information Note on BCRs in Preparation for Brexit

On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.

The Note is provided specifically for those groups of undertakings and enterprises that have the UK Information Commissioner’s Office (“ICO”) as the competent supervisory authority for their BCRs.

Source: EDPB Adopts Information Note on BCRs in Preparation for Brexit

EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

On July 22, 2020, the European Data Protection Board (EDPB) released an information note on Binding Corporate Rules (BCRs), which provides guidance for groups of undertakings/enterprises which have the UK Information Commissioner’s Office (ICO) as their competent supervisory authority.

As a consequence of Brexit, BCR holders having the ICO as their BCR Lead Supervisory Authority (SA) need to identify a new BCR Lead SA in the EEA  and must amend their BCRs before the end of the Brexit transition period.

Source: EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

Legal clouds gather over US cloud services, after CJEU ruling

In the wake of landmark ruling by Europe’s top court Europe’s lead data protection regulator has fired its own warning shot at the region’s data protection authorities (DPAs), essentially telling them to get on and do the job of intervening to stop people’s data flowing to third countries where it’s at risk.

In its ruling CJEU stroked down a flagship transatlantic data transfer framework called Privacy Shield, and cranking up the legal uncertainty around processing EU citizens’ data in the U.S. in the process. Now, any sense of legal certainty U.S. cloud services were deriving from the existence of the EU-U.S. Privacy Shield — with its flawed claim of data protection adequacy — has vanished.

Source: Legal clouds gather over US cloud services, after CJEU ruling | TechCrunch

CJEU Invalidates EU-U.S. Privacy Shield but SCC Remain Valid

On July 16, 2020, the Court of Justice of the European Union (the “CJEU”) issued its landmark judgment in the Schrems II case (case C-311/18).

In its judgment, the CJEU concluded that the Standard Contractual Clauses (the “SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.

Source: Schrems II: CJEU Invalidates EU-U.S. Privacy Shield but SCC Remain Valid

EC issues data advice as Brexit approaches

The European Commission (EC) is urging businesses and public bodies to take all necessary steps to ensure compliance of any personal data transfers between the UK European Union after the Brexit transition ends on 31 December.

“Compliance can be achieved by having appropriate safeguards in place as foreseen by the General Data Protection Regulation [GDPR], including binding corporate rules or through specific derogations,” the EC said in a document to help companies and others to prepare for the changes after the transition period.

Source: EC issues data advice as Brexit approaches

EU fires warning shot to UK over post-Brexit US data-sharing

Safeguards outlined in a preliminary data-sharing agreement struck between the UK and US last year may not be sufficient, the EU’s data protection watchdog has declared.

The UK entered into an agreement with the US in October 2019 to reduce the barriers to data-sharing to better equip law enforcement agencies to fight crime. However, terms of this agreement may undermine the UK’s hopes of achieving a data adequacy decision with the EU once the Brexit transition period ends on 31 December.

The European Data Protection Board (EDPB), which oversees the application of GDPR consistently across EU member states, has cast doubt over whether safeguards outlined in the agreement are compatible with existing data protection laws.  Without an adequacy decision, free data flows between the EU and the UK would be disrupted, with data unable to flow from European countries to the UK.

Source: EU fires warning shot to UK over post-Brexit US data-sharing | IT PRO

UK’s post-Brexit data deals ‘will go further than EU ever could’

The UK government has outlined an ambitious plan to reach a set of international agreements on data that it claims is now possible due to leaving the European Union.

With Brexit on the horizon, the government has set out a four-pillared strategy for global digital trade, with the cornerstone a set of free trade agreements that allow the freeflow of data and data localisation between the UK and Asia-Pacific countries.

However, these ambitions have been outlined despite no guarantees the UK will continue to enjoy the freeflow of data with EU nations, as it currently does, with the prospect of a no-deal Brexit still very much in play.

Source: UK’s post-Brexit data deals ‘will go further than EU ever could’ | IT PRO

CJEU to Deliver Judgement on Validity of Standard Contractual Clauses on July 16, 2020

The Court of Justice of the European Union has announced via its Twitter feed that it will deliver its judgement in the Schrems II case on July 16, 2020.

This judgement will determine the validity of the Standard Contractual Clauses (SCCs or Model Clauses) as a transfer mechanism under the General Data Protection Regulation (“GDPR”).

Source: CJEU to Deliver Judgement on Validity of Standard Contractual Clauses on July 16, 2020

EU wants UK to share more data before it grants access to crime-fighting system

European parliamentary committee says UK should share same amount of fingerprint data as member states.

The UK should be denied access to an EU crime-fighting system until it agrees to share more fingerprint data with member states, a European parliamentary committee has said.

The DNA exchange system enables British police to check the genetic code of EU criminals and criminal suspects in 15 minutes, compared with 143 days through the Interpol process.

British government does not fully comply with EU rules: British authorities are sharing DNA data from British-based criminals, but not criminal suspects, although it gets full access to equivalent data on suspects from other EU countries.

Source: EU wants UK to share more data before it grants access to crime-fighting system | European Union | The Guardian

1 2 3 22
>