Data export: EU provides more clarity after Schrems II

In documents published last week, the EU provided some welcome clarity on how organisations should address the invalidation of Privacy Shield as a basis for exporting personal data from the EU. On 10 November 2020, the European Data Protection Board (EDPB) adopted recommendations on ‘supplemental measures’, which can be considered to ensure compliance with the …

Read moreData export: EU provides more clarity after Schrems II

European Data Protection Board releases updated controller / processor guidance for comment

Are you sure you are a data processor? Introduction On 7 September 2020, the European Data Protection Board (EDPB), successor to the ‘article 29 working party’, released updated guidance on the concepts of ‘data controller’ and ‘data processor’ under European Privacy law (i.e. General Data Protection Regulation or GDPR). Whilst this has already been subject …

Read moreEuropean Data Protection Board releases updated controller / processor guidance for comment

Exporting data from the EU after Schrems II: what to do now

As previously discussed, the European Court of Justice’s recent Schrems II decision both (i) invalidated the US privacy shield; and (ii) threw into question alternative justifications for the export of personal data from the EU to the US. Whilst there is yet to be a substantive response from the European Commission, initial reactions from the …

Read moreExporting data from the EU after Schrems II: what to do now