fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " data transfer "

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

On July 9th, Europe’s highest court – the Court of Justice of the European Union (CJEU) – is set to hear a case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA.

There is a significant risk the CJEU will declare these transfer mechanisms as invalid. If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Read full article: SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

Privacy Shield Ombudsperson Confirmed by US Senate

On June 20, 2019, Keith Krach was confirmed by the U.S. Senate to become the Trump administration’s first permanent Privacy Shield Ombudsperson at the State Department.

The role of the Privacy Shield Ombudsperson is to act as an additional redress avenue for all EU data subjects whose data is transferred from the EU or Switzerland to the U.S. under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework, respectively.

Source: Privacy Shield Ombudsperson Confirmed by the Senate

Lithuanian DPA launches investigation into D-Link

In response to publicly available information, the Lithuanian data protection authority – State Data Protection Inspectorate – launched an self-initiated inquiry into the allegedly inappropriate processing of personal data by D-Link.

It is feared that D-Link equipment user passwords, browsing history or other information can be accessed by third countries’ servers through D-Link’s devices, allowing profiling and identification of consumers.

State Data Protection Inspectorate also noted that D-Link’s processing activity potentially amounts to a violation of the General Data Protection Regulation’s (GDPR) transparency principle.

Source: State Data Protection Inspectorate Launches D-Link Research | State Data Protection Inspectorate

Supreme Court dismisses Facebook appeal over transfer of user personal data to the US

Ireland’s Supreme Court has dismissed Facebook’s appeal over a High Court decision to refer key issues concerning the validity of European Commission decisions approving EU-US data transfer channels to the Court of Justice of the EU.

The referral was made by the High Court in proceedings by the Data Protection Commissioner (DPC) arising from complaints by Austrian lawyer Max Schrems the transfer of his personal data by Facebook to the US breached his data privacy rights as an EU citizen.

Source: Supreme Court dismisses Facebook appeal over transfer of user personal data to the US – Independent.ie

Data transfers as the Brexit clock counts down

Many business owners have spoken of their concern for the impact a “no deal” Brexit could have on personal data transfers between the EU and the UK.

However, some experts say that any adverse fallouts can be easily managed by the use of model clauses for data protection agreements.

Full article: Data transfers as the Brexit clock counts down

After Brexit, the EU must decide if UK data protection is adequate

After Brexit the European Commission will decide whether the UK provides equivalent data protection standards to GDPR and other EU legislation.

The adequacy assessment is going to be a key test of the UK’s data privacy standards and achieving adequacy will be far from straightforward. The UK has committed to maintaining GDPR standards post-Brexit but this is not the whole picture for data protection compliance, and when it comes to the protection of fundamental rights there are difficult questions to be addressed.

Full article: After Brexit, the EU must decide if UK data protection is adequate

Twitter Boosts Feature to Plug Personal Data Sharing

Twitter on Thursday added to efforts to address concerns over privacy protection on social media.

The company announced an update to its abuse reporting functions, allowing users to specify personal information issues, with a GIF showing step-by-step instructions.

Source: Twitter (TWTR) Boosts Feature to Plug Personal Data Sharing – Bloomberg

EDPB Issues Statement on U.S. Foreign Account Tax Compliance Act

On February 25, 2019, the European Data Protection Board (the “EDPB”) issued a statement regarding the transfer of personal data from Europe to the U.S. Internal Revenue Service (the “IRS”) for purposes of the U.S. Foreign Account Tax Compliance Act (“FATCA”).

In its statement, the EDPB announced that it will consider European Parliament calls on the EDPB to investigate any infringement of EU data protection rules by EU Member States whose legislation permits the transfer of personal data to the U.S. for purposes of FATCA. The EDBP also noted that it is currently preparing guidelines on data transfer tools provided for by the EU General Data Protection Regulation (“GDPR”).

Source: EDPB Issues Statement on U.S. Foreign Account Tax Compliance Act

EIOPA publishes no deal Brexit insurance continuity plans

The European Insurance and Occupational Pensions Authority (EIOPA) has published recommendations for national EU insurance regulators, aimed at minimising disruption to policyholders should the UK leave the EU without a withdrawal agreement.

Source: EIOPA publishes no deal Brexit insurance continuity plans

EDPB releases information note in the event of a “No-deal Brexit”

On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory authority” for their “Binding Corporate Rules” (“BCRs”).

Source: EDPB releases information note in the event of a “No-deal Brexit”

>