At long last, the European Commission, on June 4, 2021, adopted new Standard Contractual Clauses (“new SCCs”) to permit lawful transfers of personal data from the European Union (EU) to third countries such as the United States.
A little over six months after the Brazilian Data Protection Law (LGPD) became effective, there seems to be real progress in its implementation. The LGPD is an all-encompassing data protection law similar to the European Union’s GDPR.
In the first case of its kind, the High Court of England & Wales has considered the limits on the extraterritorial reach of the European Data Protection Regulation (GDPR).
We’ve seen a big increase in the use of data subject access requests (DSARs) over the last few years in the UK. Recently-updated guidance, on how to deal with these requests in practice, should provide some reassurance to employers.
As we progress into the next phase of the pandemic, employers in the UK are considering how to safely reintegrate staff into the workplace whilst also managing the risks of processing health data and setting out the expectations for employees.
The Court of Justice of the European Union has invalidated the EU-U.S. Privacy Shield Framework, which more than 5,300 U.S. organizations had relied on to lawfully transfer personal data from the EU to the United States.
On July 16, the European Court of Justice—the “supreme court” of the EU—issued a surprise decision that for the second time in five years completely invalidates the special EU-to-U.S. personal “data export” mechanism, now called the “Privacy Shield.”