fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " data transfer "

US told to appoint a damn Privacy Shield ombudsperson already or EU will take action

The European Commission’s second annual review of the Privacy Shield agreement made similar noises to last year’s, concluding the deal does the trick but could be better. It said the US ensures an adequate level of protection for personal data transferred under the deal, and has made some improvements, but progress is slow and there is more work to do.

The US has been told once again to appoint a permanent ombudsperson to oversee the deal governing transatlantic data flows, but this time has been given a deadline.

Full article: US told to appoint a damn Privacy Shield ombudsperson already or EU will take action • The Register

EU-US Privacy Shield passes second annual review

Despite the lack of a permanent ombudsperson, the European Commission confirmed on Wednesday that the Privacy Shield had passed its second annual review.

The US government has been given until the end of February next year to appoint a permanent ombudsperson to handle data protection complaints from EU citizens.

Source: EU-US Privacy Shield passes second annual review

UK-to-UK data transfers impacted by ‘no deal’ Brexit

UK businesses that outsource the processing of personal data to UK supplier or which send data to other UK-based businesses in their group may need to update their contracts in the event of a ‘no deal’ Brexit to allow those data transfers to continue, a data protection law expert has said.

Full article: UK-to-UK data transfers impacted by ‘no deal’ Brexit

No-deal Brexit will block critical data transfers from EU

Despite bringing the General Data Protection Regulation (GDPR) into UK law in the form of the Data Protection Act 2018, leaving the EU without a deal in place means Britain will be, for a time, classed as a ‘third country’ until an adequacy agreement can be implemented.

This means that while some data can be transferred from the UK to European Economic Area (EEA) countries, something supported by the UK government, there will be a stop to all flow of personal information in the opposite direction until a data adequacy agreement comes into force, according to the ICO.

Full article: No-deal Brexit will block critical data transfers from EU, warns ICO | IT PRO

ICO advises companies on how to prepare for a possible no-deal Brexit

The ICO recommends steps that companies could take now to start preparing for data protection compliance if the UK leaves the EU on 29 March 2019 without a deal.

If the UK is currently your organisation’s lead supervisory authority, you should review the structure of your European operations to assess whether you will continue to be able to have a lead authority and benefit from the One-Stop-Shop, the ICO says.

Source: ICO advises companies on how to prepare for a possible no-deal Brexit – Privacy Laws & Business

Will the UK achieve adequacy after Brexit?

The status of U.K.-EU data flows post-Brexit has been the subject of speculation since the fateful vote was taken nearly two-and-a-half years ago. But with the prospect of the U.K. crashing out of the EU without an orderly withdrawal agreement growing ever-more realistic, concern is mounting.

Full article: Will the UK achieve adequacy after Brexit? Even the ICO isn’t so sure

FTC Gives Final Approval to Settlements in Privacy Shield Cases

US Federal Trade Commission has given final approval to settlements with four companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework, which establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with EU law.

As part of the proposed settlements with the FTC, all four companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization, and must comply with FTC reporting requirements. In addition, VenPath and SmartStart must continue to apply the Privacy Shield protections to personal information they collected while participating in the program, protect it by another means authorized by the Privacy Shield framework, or return or delete the information within 10 days of the order.

Source: FTC Gives Final Approval to Settlements with Four Companies Related to EU-U.S. Privacy Shield | Federal Trade Commission

Timescale set for data protection ‘adequacy’ decision after Brexit

On Wednesday evening, the UK government and European Commission announced that the UK and EU27 countries had reached a draft agreement on the terms of the UK’s withdrawal from the EU. That draft agreement, which is still to be ratified by the UK parliament and EU27 member states, was published alongside a number of other documents, including an outline of the political declaration on the future EU-UK relationship.

According to the political declaration, the Commission will assess UK data protection standards on the basis of the EU’s “adequacy framework” with a view to adopting an “adequacy” decision by the end of 2020. Over the same period, the UK will take steps to ensure comparable facilitation of personal data flows to the Union.

Full article: BREXIT: timescale set for data protection ‘adequacy’ decision

Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from EU

The draft Withdrawal Agreement at Article 71(2) implies an adequacy assessment by the European Commission could happen in future (this is expected before the end of the transition period in December 2019), but first the UK has to leave the EU and then the Commission has to follow the rules in Article 45 of the GDPR.

This means that the Commission has to involve the European Data Protection Board (EDPB) as part of the adequacy determination process so it won’t be a quick process. However, UK may not get an assessment of adequacy at all.

Full article: Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from European Union

>