International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms

Share

The U.K. Information Commissioner’s Office recently confirmed the options and clarified the timing of new data transfer agreements for transfers of personal data out of the U.K. The situation has been somewhat confusing, even to those relatively familiar with international data transfers. Organizations can now review their data transfer arrangements with greater certainty, and this will be a key priority for 2022.

Continue reading “International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms”

Draft Standard Contractual Clauses Released by European Commission: New Clause Cause for Applause?

Share

Following on from last week’s big announcement by the European Data Protection Board (EDPB) on its expectations for international data transfers after the European Court of Justice’s July 16 Schrems II decision, the European Commission released a draft set of new Standard Contractual Clauses (SCCs) and a draft implementing decision. The Commission’s draft set of clauses allows for two new types of transfer and contains important updates to bring the text of the clauses in line with the General Data Protection Regulation. The draft documents are now available for public consultation, and both the EDPB and the European Data Protection Supervisor will be asked for their opinions on the documents. Following the Schrems II decision, many organizations have been waiting for guidance on additional safeguards and for the (long overdue) arrival of updated Standard Contractual Clauses. While the last few days have seen some welcome developments after a period of hiatus, organizations will likely need some time to assess the practical implications before making radical changes to international data transfer arrangements.

For the full alert, visit the Faegre Drinker website.

European Data Protection Board Issues New Recommendations for International Data Transfers: Essential Guarantees, Supplemental Measures, and False Warrant Canaries

Share

A pair of highly anticipated guidance documents outline the European Data Protection Board’s (EDPB) expectations for organizations transferring data out of the EU. While the detailed process for evaluating data transfers brings welcomed guidance and clarity, some aspects of the EDPB’s framework present significant obstacles for those working with non-EU service providers or moving data for routine business purposes.

For the full alert, visit the Faegre Drinker website.