Data Transfers

Subscribe to Data Transfers via RSS

The U.S. Department of Justice (DOJ)’s new data security rule went into effect April 8, 2025. This rule requires companies to take measures to prevent U.S. sensitive personal and government-related data from falling into the hands of foreign adversaries. The rule targets transactions (including data brokerage, vendor agreements, employment agreements, and investment agreements) involving access to bulk sensitive personal data or government-related data when those transactions involve identified covered persons or countries of concern (China, Russia, Iran, North Korea, Cuba, and Venezuela). Continue Reading DOJ Announces 90-Day Grace Period for Companies to Comply with New Data Security Rules on Foreign Adversary Access to U.S. Sensitive Data

Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other things) that his information was sent through the EU Commission’s website to the US through an automated social media login option when he registered for a Commission event. He further alleged that this violated the government-agency equivalent of GDPR (EUDPR), as it occurred during a period in time when the Privacy Shield had been found inadequate, and the replacement program was not yet in place.Continue Reading EU Fines EU?!: Alleged Unlawful Data-Transfer Dust-Up