UK’s Data Protection Reform Proposals Show Distinct Divergence from EU Rules

Share

The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection and Digital Information Bill (“DPDI Bill”) proposes to make significant changes to existing UK data protection legislation, including the UK General Data protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA”). The proposals include some measures that will result in a significant divergence, particularly for companies operating on a pan-European basis. While some compliance obligations will be relaxed, most of the changes can best be described as “similar but different” in approach. It remains to be seen what the final text will look like when the bill is passed into law, with some of the more radical proposals already having been dropped from consideration. A crucial point of consideration for UK legislators when the DPDI Bill is making its way through the various stages of the legislative process in the Houses of Parliament will be whether this legislation remains sufficiently similar to the EU’s General Data Protection Regulation (“EU GDPR”) that the UK is able to retain its adequacy status for the purposes of exports of personal data from the EU to the UK by companies operating internationally.

Continue reading “UK’s Data Protection Reform Proposals Show Distinct Divergence from EU Rules”

International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms

Share

The U.K. Information Commissioner’s Office recently confirmed the options and clarified the timing of new data transfer agreements for transfers of personal data out of the U.K. The situation has been somewhat confusing, even to those relatively familiar with international data transfers. Organizations can now review their data transfer arrangements with greater certainty, and this will be a key priority for 2022.

Continue reading “International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms”

European Data Protection Board Issues New Recommendations for International Data Transfers: Essential Guarantees, Supplemental Measures, and False Warrant Canaries

Share

A pair of highly anticipated guidance documents outline the European Data Protection Board’s (EDPB) expectations for organizations transferring data out of the EU. While the detailed process for evaluating data transfers brings welcomed guidance and clarity, some aspects of the EDPB’s framework present significant obstacles for those working with non-EU service providers or moving data for routine business purposes.

For the full alert, visit the Faegre Drinker website.

European Union Adopts Adequacy Decision For Safe Data Flows With Japan

Share

On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data.  Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations.  Japan adopted an equivalent decision with the EU on January 22, 2019.  These reciprocal findings of adequacy will create the largest area of safe data flows in the world.

Continue reading “European Union Adopts Adequacy Decision For Safe Data Flows With Japan”

EU-US Privacy Shield Second Review: Improvements Shown, but More to be Done

Share

The EU Commission published its second annual review of the functioning of the EU-US Privacy Shield, which focused on the commercial issues, human resources and data automated individual decision-making and developments in the U.S. legal framework.  This report follows the same general structure as the report on the first annual EU-US Privacy Shield review that we reported on last year.

Continue reading “EU-US Privacy Shield Second Review: Improvements Shown, but More to be Done”

Stay In Touch! Email Marketing After the GDPR

Share

Part I: Untangling the GDPR and the e-Privacy Directive

This is the first post in a four part series on GDPR and email marketing.

Your email in-box has probably finally recovered from the wave of GDPR opt-in requests and notices that peaked around May 25th. But, if you’ve followed the privacy press or the statements from EU regulators, you’re probably left wondering what it was all for. Many statements made in news stories (both in the U.S. and the EU) and by commentators have claimed that the GDPR means no one can send marketing emails any more without your permission. But, other stories suggest that the opt-in emails and privacy notices were unnecessary or, even, inappropriate. Who’s right? And what email marketing is allowed now?

Continue reading “Stay In Touch! Email Marketing After the GDPR”

©2022 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.