PrivacyRules Hong Kong legal member Tanner De Witt informs that on 12 May 2022 the Hong Kong Privacy Commissioner for Personal Data (“PCPD”) published new guidance on recommended model contractual clauses for cross-border transfers of personal data (“Model Contractual Clauses Guidance”). This supplements prior guidance published by the PCPD on cross-border personal data transfers in...
The Brazilian DPA (National Data Protection Authority – ANPD) has opened a call for contributions to collect inputs for the creation of a regulation on international transfers of personal data. The deadline is set to 17 June 2022. Contributions can be sent to this link. Since international data transfers are a vital instrument for developing...
The Berlin DPA (Berliner Beauftragten für Datenschutz und Informationsfreiheit) has published a concise guideline on international data transfers relating to Art. 44 and following of the EU GDPR. The guideline notes that personal data may only be processed if there is a permit for this in the law. If personal data is to be transferred...
After declaring Google Analytics is illegal, the Austrian DPA has declared Google’s IP anonymisation an insufficient protection measure for data transfers between the EU and the US. The Authority has also rejected the notion of a “risk based approach” had been submitted by Google. Find the decision, redacted by the NGO None of Your Business...
The Danish DPA appreciates the efforts of the European Commission to secure an agreement with the United States on a plan that allows the flow of personal data across the Atlantic, yet they currently stand as a simple draft framework agreement. The draft is not yet concrete enough to make a difference to firms that...
The White House announces that the United States and the European Commission have committed to a new Trans-Atlantic Data Privacy Framework, which will foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union when it struck down in 2020 the Commission’s adequacy decision underlying the EU-U.S. Privacy...
Set to replace GDPR’s Standard Contractual Clauses (SCCs), the International Data Transfer Agreement and Addendum have come into effect. Pursuant to Brexit, cross border transfer to and fro from UK will now take place through the Agreement or the Addendum. They also take into consideration the binding judgment of the CJEU, i.e. Schrems II. Find...
American Headquarters:
PrivacyRules Ltd.
151 West 4th Street
Suite 200
Cincinnati, OH 45202, USA
European Office:
Via dei Della Robbia 112
50132, Firenze
Italy (IT)