fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " data transfer "

Potential Brexit deal reached; data transfers remain, for now

More than three years after the U.K. voted in a referendum to leave the EU, a proposed Brexit deal is on the table just weeks ahead of an Oct. 31 deadline.

European Commission President Jean-Claude Juncker confirmed a deal had been reached. U.K. Parliament will vote on it this Saturday, Oct. 19.

The draft text of the deal released Thursday includes a section near the top on data protection, stating, “In view of the importance of data flows and exchanges across the future relationship, the Parties are committed to ensuring a high level of personal data protection to facilitate such flows between them.”

Source: Potential Brexit deal reached; data transfers remain, for now

Apple Shares Some Browsing History with Chinese Company

The company acknowledged it’s using ‘safe browsing’ technology from Tencent, which has ties to the Chinese government.

Apple is sending some browsing history of iOS 13 Safari users to Tencent Holdings Limited, a Chinese multinational conglomerate. The data shared is tied to the Safari Safe Browsing technology. Revelations of the relationship have drawn criticism from security and privacy experts.

Source: Apple Shares Some Browsing History with Chinese Company | Threatpost

EU and US work on electronic evidence agreement

European Commission and U.S. Department of Justice officials met on September 25 to begin formal negotiations on an EU-U.S. agreement to facilitate access to electronic evidence in criminal investigations.

There was agreement to regular negotiating rounds with the view to concluding an agreement as quickly as possible. Progress will be reviewed at the next EU-U.S. Justice and Home Affairs Ministerial in December.

Source: European Commission – PRESS RELEASES – Press release – Criminal justice: Joint statement on the launch of EU-U.S. negotiations to facilitate access to electronic evidence

How to manage, monitor and validate third-party data sharing

When companies manage how personal data is shared and transferred to third parties, much of the effort lately has been focused on bringing legal contracts in line with requirements under the EU General Data Protection Regulation and now, increasingly, the California Consumer Privacy Act.

How can organizations effectively ensure they have the requisite data knowledge to validate data flows and the purpose of processing, as well as monitor data transfers to flag when personal data is going where it shouldn’t?

Read full article: How to manage, monitor and validate third-party data sharing

EU and US issue joint statement on the Third Annual EU-U.S. Privacy Shield Review

U.S. Secretary of Commerce Wilbur Ross and EU Commissioner for Justice, Consumers, and Gender Equality Věra Jourová made the joint statement regarding the third annual joint review of the EU-U.S. Privacy Shield Framework.

Officials stated that Privacy Shield ensures that participating companies and relevant government authorities provide a high level of protection for the personal data of EU individuals. The Department of Commerce will revoke the certification of companies that do not comply with Privacy Shield’s vigorous data protection requirements.

The European Commission will publish a report on the functioning of the Privacy Shield. This report will conclude this year’s review process.

Source: Joint Press Statement from Commissioner Věra Jourová and Secretary of Commerce Wilbur Ross on the Third Annual EU-U.S. Privacy Shield Review | U.S. Department of Commerce

EU-US launch talks on e-evidence access

EU member states have approved a mandate for the European Commission to launch international negotiations with the U.S. to speed and streamline cross-border access to electronic evidence in criminal investigations.

EU Commission Spokesperson Christian Wigand said the new legislation and getting agreement with the U.S. is incredibly important because e-evidence “is needed in around 85% of criminal investigations, and in two-thirds of these investigations there is a need to obtain evidence from online service providers based in another jurisdiction.”

Full article: EU-US launch talks on e-evidence access

Businesses race to keep data flowing under a no-deal Brexit

Brexit might mean the United Kingdom is no longer a member of the European Union, but that does not mean it will escape the long arm of the bloc’s data protection.

Alternative arrangements include implementing binding corporate rules or signing contracts that include EU-approved clauses. The latter option of implementing standard contractual clauses is for now the simplest way to go, especially for most small and medium-sized enterprises. However, for large organisations, they can be costly to implement.

Full article: Businesses race to keep data flowing under a no-deal Brexit, Europe News & Top Stories – The Straits Times

EDPS issues note on data transfers following Brexit

On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit. 

The Note highlights that if the EU and the UK sign the withdrawal agreement before 1 November 2019, the data flows to the UK will not be immediately affected.  EU data protection laws (including the GDPR, the Law Enforcement Directive (EU)2016/680 and the ePrivacy Directive) will apply until 31 December 2020, with a maximum extension until 31 December 2022. 

However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and starting from 1 November 2019 personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.

Read the Note.

India to approach the EU seeking ‘adequacy’ status with the GDPR

India will approach the European Union seeking ‘adequacy’ status with the General Data Protection Regulation once the country finalizes and passes its own Personal Data Protection Bill, two people familiar with the matter said.

The reciprocal recognition of data protection equivalency is expected to reduce the compliance burden and give the outsourcing and technology industry a leg up in attracting clients from Europe.

Source: Data privacy: India to approach the EU seeking ‘adequacy’ status with the GDPR, Technology News, ETtech

CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

On July 9 the Court of justice of European Union had its session in so called Schrems II case. The question is; whether U.S. law on the access of national security agencies to the personal data of non nationals, the Foreign Intelligence Service Act, breaks European data protection laws. And if so, does that invalidate currently legal data transfer mechanisms?

Court heard from the Irish Data Protection Commissioner, Facebook, the Electronic Privacy Information Center, DigitalEurope, the Business Software Alliance, the European Commission, the European Data Protection Board, the U.S. government as well as several EU countries and representatives of Max Schrems himself.

The EU court’s Advocate General Henrik Saugmandsgaard Øe said he will give his non-binding opinion in the case December 12 this year, with a full decision expected by early 2020.

Source: CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

1 2 3 20
>