The European Commission published a draft decision on UK adequacy for transfers of personal data from the EU to the UK, which you can read here. This EC conducted an assessment of the UK’s GDPR framework under the UK Data Protection Act 2018, including data protection rules applicable to UK law enforcement and national security … Continue Reading
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) announced their joint opinions on the draft standard contractual clauses (SCCs) previously published by the European Commission in November 2020. The opinions cover the SCCs between controllers and processors and the SCCs for the transfer of personal data to third countries. We … Continue Reading
With the end of the Brexit transition period quickly approaching on 31 December 2020, the future of international data transfers between the UK and the European Union (EU) and European Economic Area (EEA) remains somewhat unclear. As background, Article 44 of the General Data Protection Regulation (GDPR) prohibits the transfer of personal data from the … Continue Reading
On 12 November 2020, the European Commission released draft updated standard contractual clauses (SCCs) for consultation (available here). The current SCCs were adopted by the Commission before the GDPR came into force. The CJEU’s decision in the Schrems II case has given greater urgency to updating the current SCCs. Once approved, the new SCCs will … Continue Reading
On 12 November 2020, the European Commission released its first draft set of clauses covering the Article 28 GDPR requirements, for consultation (available here). Article 28 of the GDPR governs the relationship between controllers and processors. In particular, Articles 28(3) and (4) outline the details that must be included in a data processing agreement between … Continue Reading
Following a previous European Commission recommendation to support the gradual lifting of coronavirus (COVID-19) restrictions through mobile data and apps, on 19 October 2020, the European Commission has set up an EU-wide system for the interoperability of track and trace apps. Background National contact tracing and warning apps can play a key role in all … Continue Reading
On 13th May, the European Commission’s eHealth Network published its interoperability guidelines for approved contact tracing mobile applications in the EU, guiding developers when designing and implementing applications and backend solutions to ensure efficient tracing of cross-border infection chains. These guidelines serve as a follow-up action to their previously published ‘Common EU Toolbox for Member … Continue Reading
On 18 March, the Task Force for Relations with the United Kingdom (UKTF) of the European Commission published its Draft Text of the Agreement on the New Partnership with the United Kingdom (Draft Agreement). It translates the negotiating directives, approved by Member States, into a legal text, in line with the Political Declaration agreed between … Continue Reading
Never one to miss a bandwagon, the European Commission has published three documents to mark the first year of GDPR: a Eurobarometer survey on data protection (Eurobarometer Survey); a multi-stakeholder expert group (MEG Report); and guidance on the free flow of non-personal data within the EU (reported on here). We set out some of the … Continue Reading
The new Regulation (EU) 2018/1807 on a framework for the free flow of non-personal data in the EU (Free Flow of Non-Personal Data Regulation), which we discussed in a previous blog, became applicable from 28 May 2019. Together with the General Data Protection Regulation (EU) 2016/679 (GDPR), the two regulations now provide a “comprehensive framework … Continue Reading
On 12 March 2019, the European Parliament issued its first position on the text proposed by the European Commission for a Regulation of the European Parliament and of the Council on ENISA (the European Union Agency for Network and Information Security), also known as the EU Cybersecurity Act. Initiatives to build strong EU-wide cybersecurity The … Continue Reading
On February 14, 2019 the European Commission, European Parliament and Council of the European Union agreed to implement new rules designed to ensure a fair, transparent and predictable business environment to the benefit of both end consumers and entrepreneurs using third-party online platforms for their business. The Council and European Parliament will adopt these new … Continue Reading
On 23 January 2019, the European Commission adopted an adequacy decision for Japan, with immediate effect. The decision certifies Japan as having a comparable level of data protection to that of the European Union. On the same day, Japan adopted an equivalent decision regarding the EU’s data protection regime. This is the first example of … Continue Reading
In April 2018 the European Commission (Commission) published its Communication on the digital transformation of health and care in the Digital Single Market (Communication). The Commission outlined the need for reforms to health care systems and the development of innovative digital solutions. On 6 December 2018, the European Economic and Social Committee (EESC) published its … Continue Reading
On 22 June 2018, the European Commission published a factsheet that provides a visual summary of the actions taken to date to implement its Digital Single Market strategy. The Digital Single Market strategy refers to the European Commission’s mission to ensure access to online activities for individuals and businesses under conditions of fair competition, consumer … Continue Reading
On 5 July 2018, the European Parliament demanded in a resolution that the European Commission suspends its EU-U.S. Privacy Shield unless the U.S. administration introduces adequate data protection safeguards by 1 September 2018. The Privacy Shield agreement is aimed at facilitating data transfers of EU personal data to the United States. The non-binding resolution was … Continue Reading
You may well remember our blog from last year which outlined the Commission’s proposal for a framework in relation to the free flow of non-personal data in September 2017 (you can view our blog here). On 19 June 2018, the European Parliament, Council and the European Commission reached a political agreement on the rules that … Continue Reading
Background On 22 November 2017, the Court of Justice of the European Union (“CJEU”) gave judgment in a case taken by the not-for-profit company, Digital Rights Ireland Limited (“DRIL”). DRIL sought an annulment of the European Commission’s Privacy Shield decision. This decision states that the US ensures an adequate level of protection for personal data … Continue Reading
The European Commission has issued a proposal for a new Regulation on the free flow of non-personal data (“the Proposal”). Background The Commission adopted a Communication in January 2017 on “Building a European Data Economy”, in which its work on free flow of data was announced in the context of actions to enhance the data … Continue Reading
“A year from now, the European Union will start benefiting from the new data protection standards.” This week, the European Commission’s most senior voices gave an official statement promoting the benefits of the new General Data Protection Regulation (GDPR). Andrus Ansip (Vice-President) and Věra Jourová (Commissioner) of the European Commission aimed their statement at all … Continue Reading
The European Commission has imposed a fine of EUR110 million (US$122 million) on Facebook for providing misleading or incorrect information to the European Commission when it filed the acquisition of WhatsApp for merger approval in 2014. In the notification, Facebook stated that it would be unable to establish a reliable automated matching between Facebook users’ … Continue Reading
Google has announced that the EU data protection authorities have reviewed and confirmed its Google Cloud services’ contractual commitments as fully compliant with the EU requirements for transferring personal data to third countries outside the European Economic Area (“EEA”). Model contract clauses The review was carried out in line with Working Paper 226 (‘WP 226’). … Continue Reading
On 26 July, the Article 29 Data Protection Working Party (WP29) released a statement outlining its opinion on the EU-U.S. Privacy Shield, which was adopted by the European Commission earlier this month. After praising the improvements implemented by the Commission and U.S. authorities since its last critical opinion, the WP29 outlined some remaining concerns, including … Continue Reading
On 5 July, the European Commission (“EC”) published a communication outlining measures to improve resilience to cyber incidents, improve cooperation and information sharing, and promote innovation and competition in the European cybersecurity industry. The communication highlights the EC’s intention to take cooperation, knowledge, and capacity to the next level, particularly through the imminent introduction … Continue Reading
