International Data Transfers

China’s First Comprehensive Personal Information Protection Law – Key Takeaways

October 5, 2021 By Privacy, Cyber & Data Strategy Team

On August 20, 2021, China’s first comprehensive Personal Information Protection Law (“PIPL”) was passed into law. The Cybersecurity Law, the Data Security Law, and the PIPL of China are the three pillars of China’s data protection framework, which govern cybersecurity, data security, and personal information protection respectively. The Cybersecurity Law largely governs cybersecurity requirements for […]

UK Unveils Post-Brexit Data Plans with an Emphasis on International Transfers of Personal Data

August 26, 2021 By Paul Greaves

Today, the UK Department of Digital, Culture, Media and Sport (“DCMS”) has made a series of announcements shedding light on the UK’s post-Brexit data strategy. The announcements – which emphasize the importance of international transfers of personal data to global trade – include as follows: A Press Release, providing an overview of the UK government’s […]

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

August 17, 2021 By Daniel Felz, Kate Hanniford and Wim Nauwelaerts

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]

U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments

September 28, 2020 By James Harvey

In a letter from Deputy Assistant Secretary James Sullivan, the U.S. Department of Commerce introduced a white paper, “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II,” to assist organizations in conducting independent analyses of data transfers in light of the July 16, 2020 […]

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

August 26, 2020 By Daniel Felz and Paul Greaves

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg (the “DPA”) published guidance (the “Guidance”) on international transfers of personal data following the Schrems II judgment (which we have previously covered here). This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the […]