Tag Archives: Data Transfers

New automated data transfer tool launched

Reed Smith announced the launch of DaTA Transfer Pathway, an innovative new automated data transfer tool designed to assist organisations comply with recent changes in EU case law and EU data protection guidelines. Stemming from the Court of Justice of the European Union’s (CJEU) Schrems II decision relating to EU-US data transfers and in light … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2021 Edition)

The Summer 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: Update on international data transfers State Labour Court of Baden-Württemberg: No claim for damages for transferring personal data to the United States on … Continue Reading

The European Data Protection Board adopts guidelines on codes of conduct as a tool for transfers

During its 51st plenary session on 7th July 2021, the European Data Protection Board (EDPB) adopted guidelines on codes of conduct as tools for transfers (CoC Guidelines). The CoC Guidelines are available here. The CoC Guidelines support and complement the previous EDPB Guidelines on CoCs published in 2019 (2019 Guidelines) that established the general framework … Continue Reading

UK adequacy decision for European data transfers

On the 28th June 2021, the European Commission (Commission) adopted two adequacy decisions for the UK; one covering the GDPR and the other the Law Enforcement Directive (LED). Such decisions demonstrate that the Commission believes the UK ensures an ‘essentially equivalent’ level of protection to that within the EU. The implication of these decisions is … Continue Reading

The ICO offers guidance on personal data transfers to the SEC

On 19 January 2021, the Information Commissioner’s Office (ICO), published a letter dated 11 September 2020, available here, explaining that personal data transfers from UK based companies to the Securities and Exchange Commission (SEC) for the purposes of regulatory compliance may be permitted under the General Data Protection Regulation (GDPR). Background Firms regulated by the … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Fall 2020 Edition)

The Fall 2020 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: 1. Data transfers following Schrems II 2. German Supreme Court: Relationship between the GDPR and the German Act on the Protection of Copyrights … Continue Reading

GDPR vs. U.S. discovery: The conflict continues

Recent cases have highlighted the continued tensions between the GDPR and U.S. demands for discovery in the context of U.S. litigation and investigations. This issue can present a real concern for companies operating on both sides of the pond seeking to comply with obligations on either side. Whilst the GDPR provides EU citizens with valuable … Continue Reading

No, we haven’t forgotten about Brexit: UKTF publishes a draft agreement for the future EU-UK partnership

On 18 March, the Task Force for Relations with the United Kingdom (UKTF) of the European Commission published its Draft Text of the Agreement on the New Partnership with the United Kingdom (Draft Agreement). It translates the negotiating directives, approved by Member States, into a legal text, in line with the Political Declaration agreed between … Continue Reading

‘No deal’ Brexit: ICO and UK government issue data protection guidance

The Information Commissioner’s Office (ICO) and the UK Department for Culture, Media and Sport (DCMS) have each issued no-deal Brexit data protection guidance. EU/UK personal data transfers The UK government has committed to incorporating the General Data Protection Regulation (GDPR) into domestic UK law when the UK leaves the EU. This means there will not … Continue Reading

Article 29 Working Party publishes updated guidance on adequacy referential

On 28 November 2017, the Article 29 Working Party (‘WP29’) published a working document updating its previous guidance on transfers of personal data to third countries (WP12), (‘WP29 Document’). WP29 has reviewed its earlier guidance in the context of the General Data Protection Regulation (‘GDPR’) and recent case law of the European Court of Justice … Continue Reading

Article 29 Working Party issues new guidelines for Binding Corporate Rules

The Article 29 Working Party (WP29) has published updated guidelines on Binding Corporate Rules (BCRs) to reflect the requirements set out in the General Data Protection Regulation (GDPR). The two documents, which replace previous WP29 working papers (WP 153 and WP 195) and remain open for public consultation until January 17, 2018, are: (i) Working … Continue Reading

European Commission publishes first annual report on EU-US Privacy Shield.

Following our previous blog on the upcoming first annual review of the EU-US Privacy Shield, the European Commission (“Commission”) published its report on 18 October 2017 (“Report”). The Commission’s Findings Overall, the Report confirms that the Privacy Shield continues to ensure an adequate level of protection for personal data transferred from the EU to participating … Continue Reading

UK Government publishes its position on UK-EU data transfers post-Brexit

The UK Government has published a position paper (“the Paper”), which will form part of a series of papers setting out key issues forming the Government’s vision for their partnership with the EU post-Brexit. The Paper explains how it intends to resolve the much-debated issue of UK-EU data transfers post-Brexit. This issue is a real … Continue Reading

Upcoming first annual review of the EU-U.S. Privacy Shield

During the week of 18 September 2017, the European Commission and the Article 29 Working Party (“WP29”) will undertake the first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). The meetings will take place in the United States. As for the U.S. side, the U.S. Department of Commerce will conduct the review, and it … Continue Reading

House of Lords publishes report on Brexit and the EU Data Protection Package

The House of Lords EU Home Affairs Sub-Committee (“the Committee”) has published a report on the EU Data Protection Package and the impact of Brexit (“the Report”). The Report considers the implications of the UK’s exit from the EU for cross-border data transfers, and for UK data protection policy more generally. The Report looks at … Continue Reading

CJEU has released Opinion on EU-Canada Passenger Name Record Agreement – What it means for international data transfer mechanisms

In the Opinion 1/15 of 26 July 2017 (“Opinion”), the Court of Justice of the European Union (“CJEU”) held that the proposed agreement between the EU and Canada on the transfer and processing of Passenger Name Record (“PNR”) data may not be concluded in its current form. The Opinion is available here. The CJEU said that … Continue Reading

House of Commons publishes briefing paper on Brexit and data protection

The House of Commons Library, which aims to provide impartial research and analysis to MPs and their staff, has published a briefing paper on the impact of Brexit on data protection law in the UK (“the Paper”). The Paper summarises the background to EU data protection law and notes that inconsistent implementation of the Data … Continue Reading

CIPL produces roadmap for potential certification standards under GDPR

As part of its GDPR Implementation Project, the Centre for Information Policy Leadership (‘CIPL’) has released a discussion paper on certifications, seals and marks. The paper stresses the benefits of certifications that can be adapted to different companies and contexts, all while retaining common cross-border baselines. As no such measure is currently in place ahead … Continue Reading

EU data protection authorities approve Google’s Cloud commitments for international data transfers

Google has announced that the EU data protection authorities have reviewed and confirmed its Google Cloud services’ contractual commitments as fully compliant with the EU requirements for transferring personal data to third countries outside the European Economic Area (“EEA”). Model contract clauses The review was carried out in line with Working Paper 226 (‘WP 226’). … Continue Reading

ICO Reminds Organisations of EU-U.S. Personal Data Transfer Obligations

The Interim Deputy Commissioner at the Information Commissioner’s Office (“ICO”), Steve Wood, has published a blog reminding organisations of their obligations when transferring personal data to the United States, pursuant to the case brought by Max Schrems in 2015, which led to the Safe Harbor framework being declared immediately invalid. Wood reminds organisations that continued … Continue Reading

“Battle-ready” Privacy Shield gets muted welcome from EU data protection authorities

On 26 July, the Article 29 Data Protection Working Party (WP29) released a statement outlining its opinion on the EU-U.S. Privacy Shield, which was adopted by the European Commission earlier this month. After praising the improvements implemented by the Commission and U.S. authorities since its last critical opinion, the WP29 outlined some remaining concerns, including … Continue Reading

EU-U.S. Data Privacy Shield adopted by European Commission

Following a positive vote from the Article 31 Committee on 8 July, the EU-US Privacy Shield was formally adopted on 12 July and will enter immediately into force in the EU. In the U.S. the Privacy Shield will be published in the Federal Register, becoming effective on 1 August and will be operated by the … Continue Reading
LexBlog