International

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

November 18, 2020 By Yung Shin Van Der Sype, Paul Greaves and Wim Nauwelaerts

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors (‘Clauses’) for the matters referred to in Article 28(3) and (4) of Regulation (EU) 2016/679 (“GDPR”). Article 28(3) and (4) […]

U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments

September 28, 2020 By James Harvey and Kelley Chittenden

In a letter from Deputy Assistant Secretary James Sullivan, the U.S. Department of Commerce introduced a white paper, “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II,” to assist organizations in conducting independent analyses of data transfers in light of the July 16, 2020 […]

Brazil’s General Data Protection Law: A Comparison Between Brazil’s Newly Effective Law and the GDPR

September 19, 2020 By Dorian Simmons

Brazil’s General Data Protection Law (the “LGPD”), a law similar to the European Union’s General Data Protection Regulation (the “GDPR”) is now effective. On April 29 of this year, Brazil’s President issued Provisional Measure 959 that, amongst other things, postponed the effective date of the LGPD, which was originally set to be effective August 2020, […]

DOJ Charges Seven Individuals in Connection with Global Hacking Campaigns Against More Than 100 Companies

September 18, 2020 By Emily Poole

On September 16, 2020, the U.S. Department of Justice (DOJ) announced that seven individuals believed to be part of a hacking group known as APT41 or “Wicked Panda,” including five Chinese nationals and two Malaysian nationals, have been charged in connection with a global hacking campaign that affected more than 100 companies around the world. […]

EDPB publishes draft guidelines on the concepts of controller and processor

September 8, 2020 By Yung Shin Van Der Sype and Wim Nauwelaerts

The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor for public consultation. While its predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns have been raised since the entry into force […]