Tag Archives: Data Transfers

UK Government publishes its position on UK-EU data transfers post-Brexit

The UK Government has published a position paper (“the Paper”), which will form part of a series of papers setting out key issues forming the Government’s vision for their partnership with the EU post-Brexit. The Paper explains how it intends to resolve the much-debated issue of UK-EU data transfers post-Brexit. This issue is a real … Continue Reading

Upcoming first annual review of the EU-U.S. Privacy Shield

During the week of 18 September 2017, the European Commission and the Article 29 Working Party (“WP29”) will undertake the first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). The meetings will take place in the United States. As for the U.S. side, the U.S. Department of Commerce will conduct the review, and it … Continue Reading

House of Lords publishes report on Brexit and the EU Data Protection Package

The House of Lords EU Home Affairs Sub-Committee (“the Committee”) has published a report on the EU Data Protection Package and the impact of Brexit (“the Report”). The Report considers the implications of the UK’s exit from the EU for cross-border data transfers, and for UK data protection policy more generally. The Report looks at … Continue Reading

CJEU has released Opinion on EU-Canada Passenger Name Record Agreement – What it means for international data transfer mechanisms

In the Opinion 1/15 of 26 July 2017 (“Opinion”), the Court of Justice of the European Union (“CJEU”) held that the proposed agreement between the EU and Canada on the transfer and processing of Passenger Name Record (“PNR”) data may not be concluded in its current form. The Opinion is available here. The CJEU said that … Continue Reading

House of Commons publishes briefing paper on Brexit and data protection

The House of Commons Library, which aims to provide impartial research and analysis to MPs and their staff, has published a briefing paper on the impact of Brexit on data protection law in the UK (“the Paper”). The Paper summarises the background to EU data protection law and notes that inconsistent implementation of the Data … Continue Reading

CIPL produces roadmap for potential certification standards under GDPR

As part of its GDPR Implementation Project, the Centre for Information Policy Leadership (‘CIPL’) has released a discussion paper on certifications, seals and marks. The paper stresses the benefits of certifications that can be adapted to different companies and contexts, all while retaining common cross-border baselines. As no such measure is currently in place ahead … Continue Reading

EU data protection authorities approve Google’s Cloud commitments for international data transfers

Google has announced that the EU data protection authorities have reviewed and confirmed its Google Cloud services’ contractual commitments as fully compliant with the EU requirements for transferring personal data to third countries outside the European Economic Area (“EEA”). Model contract clauses The review was carried out in line with Working Paper 226 (‘WP 226’). … Continue Reading

ICO Reminds Organisations of EU-U.S. Personal Data Transfer Obligations

The Interim Deputy Commissioner at the Information Commissioner’s Office (“ICO”), Steve Wood, has published a blog reminding organisations of their obligations when transferring personal data to the United States, pursuant to the case brought by Max Schrems in 2015, which led to the Safe Harbor framework being declared immediately invalid. Wood reminds organisations that continued … Continue Reading

“Battle-ready” Privacy Shield gets muted welcome from EU data protection authorities

On 26 July, the Article 29 Data Protection Working Party (WP29) released a statement outlining its opinion on the EU-U.S. Privacy Shield, which was adopted by the European Commission earlier this month. After praising the improvements implemented by the Commission and U.S. authorities since its last critical opinion, the WP29 outlined some remaining concerns, including … Continue Reading

EU-U.S. Data Privacy Shield adopted by European Commission

Following a positive vote from the Article 31 Committee on 8 July, the EU-US Privacy Shield was formally adopted on 12 July and will enter immediately into force in the EU. In the U.S. the Privacy Shield will be published in the Federal Register, becoming effective on 1 August and will be operated by the … Continue Reading

European Commission Publishes Proposal for Signing the EU-U.S. Umbrella Agreement

The EU-U.S. data protection Umbrella Agreement consists of a framework of principles and safeguards for trans-Atlantic transfers of personal data (such as criminal records, names and addresses) in relation to the prevention, detection, investigation and prosecution of criminal offences, including terrorism. The agreement seeks to satisfy two core objectives: first, to ensure a high level … Continue Reading

EU Data Protection Regulators All Set to Scrutinise ‘EU-U.S. Privacy Shield’ and Transfer Mechanisms to the U.S. Generally

On 3 February, the Article 29 Working Party (‘WP29’), a group comprising representatives of the EU Member States’ Data Protection Authorities (‘DPAs’), issued a statement cautiously welcoming the agreement on an “EU-U.S. Privacy Shield”. If it is formally adopted, the Privacy Shield will replace the Safe Harbor agreement that was declared invalid by the EU’s … Continue Reading

Amendments to Poland’s Data Protection Law Ease the Rules on Data Exports and Data Protection Officers

The Polish Parliament passed the Facilitation of Business Activity Act (source in Polish) which significantly amends the existing Act on Personal Data Protection. The amendments come into force 1 January 2015. The changes mean that the EU Commission’s approved Standard Contractual Clauses for data transfers (“SCCs”) and approved Binding Corporate Rules (“BCRs”) are automatically recognised … Continue Reading

President of the EC calls for a finalisation of Europe’s data protection rules and review of safe harbor

Incoming president of the European Commission, Jean-Claude Juncker, has radically transformed the EU executive to help him pursue his vision for the next five years. Juncker seeks to make the EU “an area of justice and fundamental rights based on mutual trust,” and has led to him calling for the “conclusion of negotiations on the … Continue Reading

Poland’s Draft Data Protection Law To Alter the Rules for Data Transfer and Data Privacy Officers

A draft of Poland’s new draft data protection law has been released and has the potential to significantly change the rules in Poland governing international data transfers and data privacy officers. Under existing rules, Poland is an EU member state that does not currently recognise the Standard Contractual Clauses or Binding Corporate Rules (BCRs) as … Continue Reading

EU Data Protection Update: Belgium, Italy and Slovakia

Belgium has issued a new protocol to facilitate the approval process for transfers of personal data outside the EU. Italy issued new regulations governing direct marketing, and the Slovak Republic has introduced a new data protection act—a busy few months! Belgium’s new protocol on data transfers was issued on the 25th of June by the … Continue Reading

U.S.-EU Safe Harbor Under Fire

As part of an on-going debate on the European data protection reform, doubts were cast over the adequacy of the Safe Harbor arrangements with the United States. Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, called the 13-year-old data-sharing agreement between the EU and the United States a potential “loophole for data … Continue Reading

EU Article 29 A29WP publishes new BCR guidance for processors

The European Union (EU) data protection body, the Article 29 Working Party (A29WP), in April adopted new guidance on Binding Corporate Rules for Processors (BCPRs). The document supplements the opinion from June 2012, which listed elements required for valid BCPRs, by further clarifying what provisions and mechanisms must be included before BCPRs can be authorised. … Continue Reading
LexBlog