International Data Transfers

Are You Using EU Standard Contractual Clauses for Data Transfers? Be Aware of these Breach Notification Requirements

January 8, 2024 By Wim Nauwelaerts

It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the European Commission, the GDPR allows controllers and processors to transfer personal data to a third country outside of the EU only […]

European Commission Takes Significant Step Towards New Solution for Transatlantic Transfers of Personal Data

December 13, 2022 By Paul Greaves and Wim Nauwelaerts

What Happened? On December 13, 2022, the European Commission (the “Commission”) took a significant step towards the adoption of the EU-U.S. Data Privacy Framework (“DPF”). The DPF is a new framework designed to replace the EU-U.S. Privacy Shield (“Privacy Shield”), which was struck down by Court of Justice of the European Union in the Schrems […]

EU Standard Contractual Clauses (SCCs) Deadline is Looming

November 28, 2022 By Wim Nauwelaerts and Paul Greaves

Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already). WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows companies that want to transfer personal data protected by the GDPR to third countries outside the EU/EEA to do […]

U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum

April 25, 2022 By Maki DePalo and Yin Tydir

On April 21, 2022, Canada, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei, and the United States of America issued a Global Cross-Border Privacy Rules Declaration announcing the establishment of the Global Cross-Border Privacy Rules Forum (“Global CBPR Forum”). U.S. Secretary of Commerce Gina M. Raimondo, in her statement, described the establishment of […]

EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield

March 25, 2022 By Paul Greaves and Wim Nauwelaerts

On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. The new framework will be designed to allow personal data to flow freely […]