On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that the GDPR’s AI rules apply when banks use credit scores to make consumer credit decisions. But, the decision […]
UK Government Makes a Bridge to The EU-U.S. Data Privacy Framework
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal data from the UK to the U.S. on the basis of the recently enacted EU-U.S. Data Privacy Framework (“DPF”). The UK Government […]
International Data Transfers: European Commission Gives Green Light to EU-U.S. Data Privacy Framework
What Happened? On July 10, 2023, the European Commission (‘EC’) adopted its long-awaited adequacy decision approving the EU-U.S. Data Privacy Framework (‘DPF’). By doing so, the EC is confirming that personal data transferred to the U.S. under the DPF is adequately protected in line with the EU GDPR’s international data transfer rules. Transfers of personal […]
Council of Europe Launches Model Contractual Clauses for Transfers of Personal Data
On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for cross-border data flows (“MCCs”). The MCCs are intended to cover the transfers of personal data to countries that are not parties to […]
Joint Regulatory Guidance Aims to Help Companies Transfer Personal Data Across ASEAN and EU Member States
On May 23, 2023, the European Commission together with ASEAN (the Association of Southeast Asian Nations) published guidance that identifies commonalities and differences between the EU Standard Contractual Clauses for international data transfers (“SCCs”), and ASEAN’s Model Contractual Clauses (“MCCs”), to assist companies with their efforts to comply with data transfer rules in both regions […]