Data export: EU provides more clarity after Schrems II

In documents published last week, the EU provided some welcome clarity on how organisations should address the invalidation of Privacy Shield as a basis for exporting personal data from the EU. On 10 November 2020, the European Data Protection Board (EDPB) adopted recommendations on ‘supplemental measures’, which can be considered to ensure compliance with the …

Read moreData export: EU provides more clarity after Schrems II

EDPB guidance on ‘supplemental measures’ for data export

On 10 November, the European Data Protection Board adopted a recommendation on supplemental measures which might be used to ensure compliance with the EU level of protection of personal data when exported to third countries with an insufficient level of protection. The recommendation both sets out a process to be followed by data exporters and, …

Read moreEDPB guidance on ‘supplemental measures’ for data export

Prospect of increased regulation in UK for digital giants

The Competition and Markets Authority, the UK Competition regulator, has said it will act against Facebook and Google if the government doesn’t set up a digital regulator within a year. According to the Financial Times, Andrea Coscelli, chief executive of the CMA, said: ‘Plan A is to have a regulatory framework. If [within a year] …

Read moreProspect of increased regulation in UK for digital giants

European Data Protection Board releases updated controller / processor guidance for comment

Are you sure you are a data processor? Introduction On 7 September 2020, the European Data Protection Board (EDPB), successor to the ‘article 29 working party’, released updated guidance on the concepts of ‘data controller’ and ‘data processor’ under European Privacy law (i.e. General Data Protection Regulation or GDPR). Whilst this has already been subject …

Read moreEuropean Data Protection Board releases updated controller / processor guidance for comment

UK Intellectual Property Office seeks views on Artificial Intelligence and Intellectual Property

On 7 September 2020, the UK’s Intellectual Property Office (IPO) published a call for views on the impact of Artificial Intelligence (AI) on the UK’s Intellectual Property (IP) laws. Responses are due by 30 November. The consultation takes place against the backdrop of worldwide interest in AI and the law by governments and regulators. The …

Read moreUK Intellectual Property Office seeks views on Artificial Intelligence and Intellectual Property

US restrictions sound death knell for Huawei?

The US has updated its rules to prevent Huawei’s access to commercially available chips that use US technology in a move that could sound the death knell for the Chinese telecoms firm. Under new restrictions, announced on Monday 17 August by the US Commerce Department, companies globally will need to obtain a licence to sell …

Read moreUS restrictions sound death knell for Huawei?

EU and US start work on enhanced Privacy Shield: Mr Schrems to be persuaded…

On 10 August 2020, Following the European Court’s Schrems II judgment invalidating the US Privacy Shield (and calling into question the legal basis for other transatlantic data transfers), the EU Commission and US Department of commerce issued a short, joint statement: “The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate …

Read moreEU and US start work on enhanced Privacy Shield: Mr Schrems to be persuaded…

Exporting data from the EU after Schrems II: what to do now

As previously discussed, the European Court of Justice’s recent Schrems II decision both (i) invalidated the US privacy shield; and (ii) threw into question alternative justifications for the export of personal data from the EU to the US. Whilst there is yet to be a substantive response from the European Commission, initial reactions from the …

Read moreExporting data from the EU after Schrems II: what to do now

European Court invalidates US Privacy Shield and questions blanket use of Standard Contractual Clauses

Schrems II disrupts data export from EU: on 16 July 2020, the European Court of Justice decided, overturning the 2016 Privacy Shield Decision of the European Commission, that the US Privacy Shield did not, and does not, provide an adequate level of protection for the transfer of personal data from the EU to the US.