Data Protection

EDPB issues draft guidelines on the interplay between the GDPR’s provisions on territorial scope and international data transfers

November 22, 2021 By Yung Shin Van Der Sype and Wim Nauwelaerts

On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which impose restrictions on international data transfers. In this draft guidance, the EDPB clarifies which (cumulative) criteria must […]

Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed

November 2, 2021 By Yung Shin Van Der Sype, Paul Greaves and Wim Nauwelaerts

The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization principle in Article 6 of the GDPR), even where the data subject’s personal […]

China’s First Comprehensive Personal Information Protection Law – Key Takeaways

October 5, 2021 By Privacy, Cyber & Data Strategy Team

On August 20, 2021, China’s first comprehensive Personal Information Protection Law (“PIPL”) was passed into law. The Cybersecurity Law, the Data Security Law, and the PIPL of China are the three pillars of China’s data protection framework, which govern cybersecurity, data security, and personal information protection respectively. The Cybersecurity Law largely governs cybersecurity requirements for […]

September 27 Deadline Looming for EU Standard Contractual Clauses

September 15, 2021 By Wim Nauwelaerts

On June 4th, the European Commission issued modernized Standard Contractual Clauses (SCCs) under the EU General Data Protection Regulation (GDPR) for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the EU GDPR) to controllers or processors outside the EU/EEA (and not subject to the EU GDPR). The modernized SCCs will […]

UK Unveils Post-Brexit Data Plans with an Emphasis on International Transfers of Personal Data

August 26, 2021 By Paul Greaves

Today, the UK Department of Digital, Culture, Media and Sport (“DCMS”) has made a series of announcements shedding light on the UK’s post-Brexit data strategy. The announcements – which emphasize the importance of international transfers of personal data to global trade – include as follows: A Press Release, providing an overview of the UK government’s […]