In An Area Of Increasing Complexity
Data processing and storage are increasingly a global undertaking. Data collected from an individual in one jurisdiction is often processed and stored in another. This global reality presents considerable challenges and complexity in the context of privacy and related regulatory regimes. For example, in the EU, EEA, and UK, the GDPR provides some of the most robust protections with respect to privacy. In contrast, the United States provides less strict protections as things stand.
Moreover, after the invalidation of the Privacy Shield by the Court of Justice of the European Union (CJEU) in the Schrems II decision, what was an already opaque area of the law became even more challenging. While the Data Privacy Framework (DPF) adequacy decision brings welcome clarity, when it comes to cross-border data transfers, regulatory guidance is in flux, and the global regulatory regimes are incredibly dynamic. At RICHT, we counsel clients on various matters relating to such transfers, including Standard Contractual Clauses (SCCs), Data Privacy Framework (DPF) certification and compliance, as well as supplementary technical measures and other data transfer agreements (DTAs), among a variety of other issues.
- Standard Contractual Clauses
- Technical Supplementary Measures
- Pseudonymisation & Encryption
- Public Authority Access Requests
Find Out About How We Can Help You With Navigating Cross Border Data Transfers While Avoiding Legal Risk
Privacy & Cybersecurity Practice Insights
Cross Border Data Transfer News
Text comparison of principles for commercial transfers: From Privacy Shield to DPF
The version incorporated into the draft European Commission adequacy decision, released December 13, 2022, is an update to similar principles included in the predecessor arrangement, the EU-U.S. Privacy Shield Framework. To aid Privacy Shield businesses in assessing any changes between the Privacy Shield principles and DPF principles, IAPP created a redlined version of the document.
FACT SHEET: President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework
President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) directing the steps that the United States will take to implement the U.S. commitments under the European Union-U.S. Data Privacy Framework.
European Commission Adopts UK Adequacy Decisions Allowing Personal Data to Freely Flow from the EU to the UK
On 28 June 2021, the European Commission announced that it has adopted two adequacy decisions for the UK, one under the General Data Protection Regulation (GDPR) and one under the Data Protection Directive with Respect to Law Enforcement (Law Enforcement Directive) (Adequacy Decisions).
Top-10 Do’s and Don’ts for Service Providers Implementing the New SCCs with EU Customers
The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the Official Journal. The new SCCs are a mechanism companies can use to address the restriction under Article 44 in the EU General Data Protection Regulation on the cross-border transfer of personal data to third countries. Here are a few recommendations service providers should consider when implementing the new SCCs with their EU customers.