“We are all trying to be pragmatic and open-minded and ambitious and quick about this because for us it’s been seven weeks in the new administration but the world has been waiting eight months since the ‘Schrems II’ ruling, so there is a real sense of urgency on our part. There is also an opportunity
I discover with my little eye… a GDPR breach?
“Recent court rulings suggest that companies still face a Catch-22 when getting involved in U.S. discovery. There have been several cases … in which a party has objected to discovery based on GDPR concerns,” write Dr. Matthias Artzt and Gary D. Weingarden for IAPP – International…
It’s 2021 and people will (hopefully) soon be back to planning vacations and staying at hotels.
In this 30 minute video for HospitalityNet, Odia Kagan, a partner in Fox Rothschild’s Privacy & Data Security Practice, discussed the five top things hotels should think about relating to data privacy compliance.
- Privacy disclosures: Are they complete?
In atypical 2020 fashion, Santa actually gave UK the #1 present on its Christmas list: adequacy for cross-border data transfers from the EU as part of an overall trade deal.
Bloomberg reports the deal will include an interim solution for a maximum of 6 months while the European Commission considers a full adequacy decision for…
Do any of these things pertain to your business?
- Are you outsourcing your HR, IT or payroll function to a UK-based organization?
- Are you using a UK-based marketing company to send marketing communications to your customer database?
- Is your occupational health provider based in the UK?
- Is your pension scheme based in the UK?
Winter is coming.
“I don’t expect a new solution instead of Privacy Shield in the space of weeks, and probably not even months, and so we have to be ready that the system without a Privacy Shield like solution will last for a while,” European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski told Reuters
Norway’s Datatilsynet does not mince words in its Brexit guidance:
“On 31 December 2020, the Brexit transition period will end. This means, among other things, that anyone who transfers personal data to the United Kingdom after this date must follow the rules on the transfer of personal data to third countries.”
“If the European Commission…
The European Commission has issued long-awaited draft Standard Contractual Clauses and they have something for everyone…
- Annexes and pick-and-choose modules (C2C, C2P, P2P, P2C).
- Lots of emphasis on the laws of the country of transfer and pushing back on government requests.
- Reiteration of some Article 26 (joint controller agreement) and Article 28 (data processor agreement)
Brace yourselves, the post-Schrems II supplemental measures are coming!
The European Data Protection Board adopted recommendations on measures that supplement transfer tools to ensure compliance with the European Union level of protection of personal data, as well as recommendations on the European Essential Guarantees for surveillance measures.
“The implications of the Schrems II judgment extend to all transfers to third countries. Therefore, there are no quick fixes, nor a one-size-fits-all solution for all transfers, as this would be ignoring the wide diversity of situations data exporters face. Data exporters will need to evaluate their data processing operations and transfers and take effective measures bearing in mind the legal order of the third countries to which they transfer or intend to transfer data,” said EDPB chair Andrea Jelinek
The European Essential Guarantees recommendations provide data exporters with elements to determine if the legal framework governing public authorities’ access to data for surveillance purposes in third countries can be regarded as a justifiable interference with privacy rights.
When it comes to entering into new agreements with non-EU providers that involve the processing of EU personal data, if in doubt – don’t, says Norway DPA Datatilsynet.
“One must be prepared for the fact that new agreements involving the illegal transfer of personal data to third countries may be considered more severely than existing…