EDPB Adopts Binding Corporate Rules Recommendations
As those in the privacy world await the outcome of the EU-US privacy framework negotiations, the EDPB was in the news recently for a different mechanism for data transfers: Binding Corporate Rules. Namely, it adopted recommended standard forms for BCR applications by controllers and recommendations for the application process.
EU Privacy
Where Do We Stand?: EU to US Data Transfers
The process for data transfers from the EU to the US under Standard Contractual Clauses has been back in the news recently, leading many to ask: will the proposed EU-US Data Privacy Framework be approved by the Europeans soon?
CNIL Weighs in On GDPR Applicability to US Company
The French Data Protection Authority capped off 2022 by terminating an investigation into Lusha Systems, Inc.’s compliance with GDPR. CNIL concluded that the law did not apply to the US company’s activities. As many know, since GDPR was passed US companies have been concerned about the extent to which the law applies outside of the EU: it applies not only to those entities with operations in the EU, but also to those outside of the region who are either offering goods or services to people in the EU or monitoring individuals in the EU. Here, CNIL concluded that Lusha was not offering goods or services to those in the EU, nor was it monitoring those in the EU.
EU’s Initial Response to US Proposed Data Transfers Framework
The EU released its draft adequacy decision for the EU-US Data Privacy Framework, but all is not smooth sailing. As we wrote in October, the US developed the proposed new framework in response to the declared inadequacy of the EU-US Privacy Shield program.
UK Reprimands Companies For Failing to Keep Up with Access Requests
The ICO, Britain’s privacy authority, recently issued reprimands to seven organizations citing multiple failures of the organizations to respond to data subject access requests either within the statutory time frame…
EU To Review New EU-US Data Transfers Framework
President Biden signed a new executive order on Friday, with a framework that seeks to replace the existing Privacy Shield program. That program was found to be an invalid mechanism for transferring personal data between the EU and the US in 2020 (the Schrems II decision). Since then, companies have struggled to establish an appropriate mechanism for transfer of information from the EU to the US.
EU Regulators to Take Closer Look at DPO Position
The EDPB recently announced its second topic for coordinated enforcement. At a national level, data protection authorities in the EU will be looking into the position of the data protection officer. The results of these national actions are analyzed and bundled, generating deeper insights into a particular topic. Last year, the EDPB had selected the use of cloud-based services by the public sector for its first coordinated enforcement action. So, this second topic will be of more relevance to a wider set of organizations. Given that the report on the outcome of the 2022 coordinated action is expected to be adopted before the end of the year, companies can expect a report on the DPO position sometime in 2023.
Deadlines for EU and UK Standard Contractual Clauses Approaching
Companies transferring personal data out of the EU or UK are reminded of key deadlines approaching for the contracts that govern these transfers. When the European Commission adopted the new Standard Contractual Clauses (SCCs) in 2021, it set a deadline of December 27, 2022 for existing contracts under the old SCCs. This means that by December 27, 2022, all existing contracts using the old SCCs will need to be replaced by the new terms.
Working Through the New EU SCCs? European Commission Releases FAQs
The European Commission recently released a set of FAQs for the new EU standard contractual clauses (SCCs). The FAQs are based on feedback received from various stakeholders and currently address…
What’s the Big Deal About Dark Patterns?
Dark patterns have been a recent regulatory focus. The FTC issued an enforcement policy late last year, and the European Data Protection Board followed suit with guidelines this spring. The…