fbpx

Download free GDPR compliance checklist!

Tag Archives for " data transfer "

EDPB & EDPS adopt joint opinions on new sets of SCCs

The EDPB and EDPS have adopted joint opinions on two sets of contractual clauses (SCCs). One opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.

Several amendments were requested in order to bring more clarity to the text and to ensure its practical usefulness in day-to-day operations of the controllers and processors. These include the interplay between the two documents, the so-called “docking clause” which allows additional entities to accede to the SCCs, and other aspects relating to obligations for processors. Additionally, the EDPB and EDPS suggest that the Annexes to the SCCs clarify as much as possible the roles and responsibilities of each of the parties with regard to each processing activity – any ambiguity would make it more difficult for controllers or processors to fulfil their obligations under the accountability principle.

Source: EDPB & EDPS adopt joint opinions on new sets of SCCs

Facebook’s EU-US data transfers face their final countdown

Ireland’s Data Protection Commission (DPC) has agreed to swiftly finalize a long-standing complaint against Facebook’s international data transfers which could force the tech giant to suspend data flows from the European Union to the US within in a matter of months.

The DPC has made the commitment to a swift resolution of Schrems’ complaint now in order to settle a judicial review of its processes which noyb, his privacy campaign group, filed last year in response to its decision to pause his complaint and opt to open a new case procedure.

Source: Facebook’s EU-US data transfers face their final countdown | TechCrunch

Brexit Deal Keeps EU-UK Data Flows Open as Parties Pursue Mutual Adequacy

On December 24th, with a year-end deadline and the holidays fast approaching, European Commission and United Kingdom officials announced they reached a deal on the EU-UK Trade and Cooperation Agreement.

Once formally adopted by the European Union institutions, the Agreement will govern the relationship between the EU and UK beginning on January 1, 2021, following the end of the Brexit transition period.

Parties agreed to allow for the continued free flow of personal data for up to six months to allow time for the EU and UK to adopt mutual “adequacy decisions”. Absent these adequacy decisions organizations would need to consider implementing additional safeguards, such as standard contractual clauses, to transfer personal data between the EU and UK.

Source: Brexit Deal Keeps EU-UK Data Flows Open as Parties Pursue Mutual Adequacy

Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows

On December 9, 2020, the Senate Committee on Commerce, Science and Transportation held a hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows.

The hearing explored the policy issues that led to the Court of Justice of the European Union’s (CJEU) invalidation of the Privacy Shield framework in the Schrems II ruling. The hearing also discussed effects of the CJEU’s decision on U.S. businesses and what steps the U.S. government may take to develop a successor data transfer framework, including comprehensive federal privacy legislation.

Source: Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows | Privacy & Information Security Law Blog

New EU-U.S. data transfer pact not any time soon

Companies hoping the EU and the new U.S. administration will soon strike a new transatlantic data transfer pact to replace one struck down by a court will probably have to wait months for any result, the head of the EU privacy watchdog said on Friday.

“I don’t expect a new solution instead of Privacy Shield in the space of weeks, and probably not even months, and so we have to be ready that the system without a Privacy Shield like solution will last for a while,” told  European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski.

Source: New EU-U.S. data transfer pact? Not any time soon, says EU privacy watchdog | Reuters

EU-US data transfer clarity may take several months, warns head of EDPS

European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski says he does not expect a new solution to the Privacy Shield problem for several months, as the Biden administration grapples with other priority issues.

The head of the EDPS told Reuters said he is doubtful that EU businesses will receive clarity in the coming weeks and months over the uncertainty around EU-US data transfers.

Source: EU-US data transfer clarity may take several months, warns head of EDPB

EU, UK mulling interim data flows solution post-Brexit

With time running out for the EU to grant the U.K.’s data protection regime a stamp of approval before the Brexit transition period ends, officials are considering options to keep personal data flowing across the Channel, according to two individuals familiar with the talks.

The officials said that any interim solution is tied up in the wider trade negotiations, which both sides agree are currently stuck. That means that in the event of a no deal, companies would have to use alternative data transfer mechanisms to move data from the EU to the U.K., such as standard contractual clauses — a situation which could cost the U.K. economy as much as £1.6 billion.

Source: EU, UK mulling interim data flows solution post-Brexit

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

The European Data Protection Board (EDPB) has issued guidance that calls into question recommendations to cloud services providers in responding to the Schrems II ruling, which struck down the Privacy Shield arrangement for moving data from the EU to the US.

The EDPB, which is responsible for European data protection law, said encryption could safeguard against contravening the ruling, but only when keys remain within the EU or trusted third countries.

Full article: European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices • The Register

Microsoft promises to challenge all government requests for customer data

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said.

Source: Microsoft promises to challenge all government requests for customer data | IT PRO

European Commission Publishes Draft of New Standard Contractual Clauses

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (GDPR), along with its draft set of new standard contractual clauses (SCC).

The SCCs are open for public consultation until December 10, 2020, and feedback may be submitted here. The adoption process for the SCCs requires an opinion of the European Data Protection Board and the European Data Protection Supervisor, and the positive vote of EU Member States through the comitology procedure. The final SCCs are expected to be adopted in early 2021.

Source: European Commission Publishes Draft of New Standard Contractual Clauses

1 2 3 25
>