After a long period of negotiation, the United Kingdom (UK) and the European Union (EU) have reached a deal on the sharing of personal data, only a few days before the end of the Brexit transition period.

The agreed trade deal allows for the continued free flow of personal data from the EU to the UK for a maximum of six months after the transition period expires. During that time, the UK hopes that the European Commission will issue an adequacy decision in relation to the UK, thus allowing the free flow of personal data to continue beyond the six months. In relation to transfers of personal data outside the UK, the UK has already deemed adequate the 30 EU/European Economic Area countries and the 12 countries that have received EU adequacy decisions, as mentioned in our previous blog post (available here).Continue Reading EU-UK data flows following the Brexit transition period

On 23 January 2019, the European Commission adopted an adequacy decision for Japan, with immediate effect. The decision certifies Japan as having a comparable level of data protection to that of the European Union.

On the same day, Japan adopted an equivalent decision regarding the EU’s data protection regime. This is the first example of

On 28 November 2017, the Article 29 Working Party (‘WP29’) published a working document updating its previous guidance on transfers of personal data to third countries (WP12), (‘WP29 Document’). WP29 has reviewed its earlier guidance in the context of the General Data Protection Regulation (‘GDPR’) and recent case law of the European Court of Justice (‘CJEU’).

The WP29 Document only deals with Chapter 1 of WP12 and focuses solely on adequacy decisions. Chapters 2 and 3 of WP12 will be updated at a later stage. The WP29 Document is currently open for consultation and comments should be submitted by 17 January 2018.

The updated guidance consists of four chapters, the key points of which are discussed below.Continue Reading Article 29 Working Party publishes updated guidance on adequacy referential

Early last month, the European Commission tabled proposed amendments to its existing decisions on the adequacy of third countries’ data protection laws, and to its decisions on the EU standard contractual clauses.

When the CJEU invalidated the EU-U.S. Safe Harbor framework in the Schrems decision last year, it set in motion a review of all

This post was written by Nick Tyler.

The EU Commission has recently approved Israel as a country providing “an adequate level of protection for personal data transferred from the European Union”.

This follows a lengthy process which was nearly derailed, after Irish Government objections, following the assassination in Dubai last January of a Hamas official allegedly committed by agents of Mossad, Israel’s Secret Service, and associated allegations of identity theft involving the passports of Irish (as well as UK) citizens.Continue Reading Israel is welcomed to the ranks of EU-approved personal data destinations