Cross-border

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

August 17, 2021 By Daniel Felz, Kate Hanniford and Wim Nauwelaerts

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]

Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK

January 6, 2021 By Paul Greaves and Wim Nauwelaerts

On December 24, 2020, the EU and the UK reached an agreement on the terms of their future cooperation following the end of the Brexit Transition Period (i.e., following 31 December 2020). The EU-UK Trade and Cooperation Agreement (the ‘Agreement’) contains a temporary solution for companies transferring personal data from the EEA to the UK, […]

U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments

September 28, 2020 By James Harvey and Kelley Chittenden

In a letter from Deputy Assistant Secretary James Sullivan, the U.S. Department of Commerce introduced a white paper, “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II,” to assist organizations in conducting independent analyses of data transfers in light of the July 16, 2020 […]

European Parliament Committee Meeting Provides Insight into the Future of EU-US Personal Data Flows

September 7, 2020 By Paul Greaves

On September 3, 2020, The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee), met to discuss the future of future of EU-US personal data flows following the Schrems II decision. In particular, the session was attended by Max Schrems, EU Commissioner for Justice Didier Reynders, and Andrea Jelinek (head of […]

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

August 26, 2020 By Daniel Felz and Paul Greaves

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg (the “DPA”) published guidance (the “Guidance”) on international transfers of personal data following the Schrems II judgment (which we have previously covered here). This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the […]