fbpx

Download free GDPR compliance checklist!

Tag Archives for " data transfer "

TikTok found secretly transferring user data to China

According to a lawsuit file by a college student TikTok has been secretly transferring user data to China without gaining consent.

The class-action lawsuit filed in California, accuses TikTok of secretly harvesting large amounts of personally identifiable user data and sending it to China. In addition, the lawsuit accuses TikTok and its parent company ByteDance, of taking user content without their consent.

Source: #Privacy: TikTok found secretly transferring user data to China – PrivSec Report

AG Opinion in Schrems II Delayed

The Advocate General’s (AG) Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (so called “Schrems II”), has been delayed until the 19 th December 2019.

The primary question before the European Court of Justice, and the AG, in Schrems II is whether the European Commission’s standard contractual clauses are valid for transfers of personal data to the United States.

Source: UPDATE: AG Opinion in Schrems II Delayed

Potential Brexit deal reached; data transfers remain, for now

More than three years after the U.K. voted in a referendum to leave the EU, a proposed Brexit deal is on the table just weeks ahead of an Oct. 31 deadline.

European Commission President Jean-Claude Juncker confirmed a deal had been reached. U.K. Parliament will vote on it this Saturday, Oct. 19.

The draft text of the deal released Thursday includes a section near the top on data protection, stating, “In view of the importance of data flows and exchanges across the future relationship, the Parties are committed to ensuring a high level of personal data protection to facilitate such flows between them.”

Source: Potential Brexit deal reached; data transfers remain, for now

Apple Shares Some Browsing History with Chinese Company

The company acknowledged it’s using ‘safe browsing’ technology from Tencent, which has ties to the Chinese government.

Apple is sending some browsing history of iOS 13 Safari users to Tencent Holdings Limited, a Chinese multinational conglomerate. The data shared is tied to the Safari Safe Browsing technology. Revelations of the relationship have drawn criticism from security and privacy experts.

Source: Apple Shares Some Browsing History with Chinese Company | Threatpost

EU and US work on electronic evidence agreement

European Commission and U.S. Department of Justice officials met on September 25 to begin formal negotiations on an EU-U.S. agreement to facilitate access to electronic evidence in criminal investigations.

There was agreement to regular negotiating rounds with the view to concluding an agreement as quickly as possible. Progress will be reviewed at the next EU-U.S. Justice and Home Affairs Ministerial in December.

Source: European Commission – PRESS RELEASES – Press release – Criminal justice: Joint statement on the launch of EU-U.S. negotiations to facilitate access to electronic evidence

How to manage, monitor and validate third-party data sharing

When companies manage how personal data is shared and transferred to third parties, much of the effort lately has been focused on bringing legal contracts in line with requirements under the EU General Data Protection Regulation and now, increasingly, the California Consumer Privacy Act.

How can organizations effectively ensure they have the requisite data knowledge to validate data flows and the purpose of processing, as well as monitor data transfers to flag when personal data is going where it shouldn’t?

Read full article: How to manage, monitor and validate third-party data sharing

EU and US issue joint statement on the Third Annual EU-U.S. Privacy Shield Review

U.S. Secretary of Commerce Wilbur Ross and EU Commissioner for Justice, Consumers, and Gender Equality Věra Jourová made the joint statement regarding the third annual joint review of the EU-U.S. Privacy Shield Framework.

Officials stated that Privacy Shield ensures that participating companies and relevant government authorities provide a high level of protection for the personal data of EU individuals. The Department of Commerce will revoke the certification of companies that do not comply with Privacy Shield’s vigorous data protection requirements.

The European Commission will publish a report on the functioning of the Privacy Shield. This report will conclude this year’s review process.

Source: Joint Press Statement from Commissioner Věra Jourová and Secretary of Commerce Wilbur Ross on the Third Annual EU-U.S. Privacy Shield Review | U.S. Department of Commerce

EU-US launch talks on e-evidence access

EU member states have approved a mandate for the European Commission to launch international negotiations with the U.S. to speed and streamline cross-border access to electronic evidence in criminal investigations.

EU Commission Spokesperson Christian Wigand said the new legislation and getting agreement with the U.S. is incredibly important because e-evidence “is needed in around 85% of criminal investigations, and in two-thirds of these investigations there is a need to obtain evidence from online service providers based in another jurisdiction.”

Full article: EU-US launch talks on e-evidence access

Businesses race to keep data flowing under a no-deal Brexit

Brexit might mean the United Kingdom is no longer a member of the European Union, but that does not mean it will escape the long arm of the bloc’s data protection.

Alternative arrangements include implementing binding corporate rules or signing contracts that include EU-approved clauses. The latter option of implementing standard contractual clauses is for now the simplest way to go, especially for most small and medium-sized enterprises. However, for large organisations, they can be costly to implement.

Full article: Businesses race to keep data flowing under a no-deal Brexit, Europe News & Top Stories – The Straits Times

EDPS issues note on data transfers following Brexit

On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit. 

The Note highlights that if the EU and the UK sign the withdrawal agreement before 1 November 2019, the data flows to the UK will not be immediately affected.  EU data protection laws (including the GDPR, the Law Enforcement Directive (EU)2016/680 and the ePrivacy Directive) will apply until 31 December 2020, with a maximum extension until 31 December 2022. 

However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and starting from 1 November 2019 personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.

Read the Note.

1 2 3 20
>