On May 23, 2023, the European Commission together with ASEAN (the Association of Southeast Asian Nations) published guidance that identifies commonalities and differences between the EU Standard Contractual Clauses for international data transfers (“SCCs”), and ASEAN’s Model Contractual Clauses (“MCCs”), to assist companies with their efforts to comply with data transfer rules in both regions […]
Data Protection
The EU Supervisory Authorities’ Coordinated Enforcement Action in the EU: This Year It’s All About DPOs
On March 15, 2023, the European Data Protection Board (“EDPB”) – the body through which the EU Member States’ Supervisory Authorities cooperate – along with 26 EU Supervisory Authorities officially launched a “coordinated enforcement action”, focusing on the designation of Data Protection Officers (“DPOs”) under the EU GDPR, and the position that DPOs hold in […]
New NAIC Consumer Privacy Model Law Proposed for Insurers
The National Association of Insurance Commissioners (NAIC) Privacy Protections Working Group (the “Working Group”) released Insurance Consumer Privacy Protection Model Law #674 (“Model 674”) for comment on February 1, 2023. Model 674 is intended to modernize and replace the Insurance Information and Privacy Protection Model Act #670 (“Model 670”) and the Privacy of Consumer Financial […]
CPPA Anticipates April Effective Date for CPRA Regulations
The California Privacy Protection Agency (“CPPA”) announced during its Board meeting on December 16, 2022 that the regulations implementing the California Privacy Rights Act (“CPRA”) will not likely go into effect until April 2023. CPPA Executive Direct Ashkan Soltani stated that the CPPA Staff plans to publish the final draft of the CPRA regulations in […]
European Commission Takes Significant Step Towards New Solution for Transatlantic Transfers of Personal Data
What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the EU-U.S. Privacy Shield (“Privacy Shield”), which was struck down by Court of Justice of the European Union in the Schrems […]