Tag: data transfer

Tag: data transfer

Controller Binding Corporate Rules: New recommendations from the EDPB

The EDPB recently published Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules.   The European Data Protection Board (EDPB) has recently adopted recommendations for the Controller Binding Corporate Rules (BCR-Cs) during their November plenary. The document includes recommendations on the Application for

EU-U.S. Data Privacy Framework; Executive Order signed

For Europeans whose personal data is transferred to the U.S., new binding safeguards are in order with the signing of a new Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities’ on October 7th, 2022. These binding safeguards address all the points raised by the Court of Justice of the EU, protecting EU

Data Access Agreement comes into force between the UK and the U.S

The UK and the U.S. have recently signed a Data Access Agreement to aid the respective countries in combating crime.    An agreement came into force on October 3rd, 2022 between the Government of the United Kingdom and the Government of the United States. The Agreement focuses on the access to electronic data for the

Executive order on transatlantic data transfers expected to be published by U.S. president

A shortly anticipated executive order on transatlantic data transfers from the US president is expected to impact EU-U.S. data transfers.   The United States is expected to publish its long-awaited executive order on transatlantic data transfers very soon, according to a report from Politico. A United States official, who was not authorized to discuss the

Final decision on Meta Platforms delayed by Irish DPC

The Irish DPC has been forced to delay its final decision on Meta Platforms’ use of SCCs for international data transfers.    Despite several threats from the company Meta Platforms to shut down Facebook and Instagram in Europe due to concerns over the use of Standard Contractual Clauses (SCCs) for cross-border data transfers, this may

GDPR-CARPA certification mechanism adopted by CNPD

Luxembourg adopted the GDPR-CARPA verification mechanism  becoming the first country to introduce a certification mechanism under the GDPR.   The National Data Protection Commission of Luxembourg (CNPD) adopted its GDPR-CARPA (Certified Assurance-Report based Processing Activities) certification mechanism last month. This will be known as the first certification mechanism under the GDPR to be adopted on

Data sharing for charities: guidance from CNIL

CNIL recently published guidance relating to data sharing for charities for the purposes of prospecting.   CNIL recently published guidance relating to data sharing for charities for the purposes of prospecting. According to CNIL, these guidelines are geared towards any association or foundation appealing to the generosity of the public to receive donations, which wishes

New agreement on EU-US data transfers

For companies which depend on cross border data transfers, some needed relief may come in the form of a new agreement on EU-US data transfers.  The European Union and the U.S. recently announced that they had reached an agreement  “in principle” on a new framework for cross-border data transfers. This is expected to bring some

Stop using Google Analytics: CNIL gives formal notice to website managers.

CNIL has given formal notice to website managers to come into compliance and to stop using Google Analytics due to illegal EU – US Data transfers.    CNIL has joined several other EU watchdogs in ordering website managers to stop using Google Analytics. As a result of several complaints being filed by NOYB, against a

Explore alternatives to Google Analytics: advice from the Norwegian DPA

With multiple European authorities ruling against the use of this service, the Norwegian DPA suggests that companies explore alternatives to Google Analytics.    In a recent blog, we covered why the use of Google Analytics (and Stripe) by the European Parliament was considered a violation of the Court of Justice’s (CJEU) “Schrems II” ruling on