On July 28, 2020, German supervisory authorities (Datenschutzkonferenz, the “DSK”) issued a statement emphasizing that organizations that rely on Standard Contractual Clauses (“SCCs”) or Binding Corporate Rules (BCRs”) must implement additional safeguards to lawfully transfer personal data to third countries. In keeping with the Court of Justice of the European Union CJEU’s judgment of 7/16, and the European Data Protection Board EDPB FAQ Memo of 7/20, the German DSK statement affirmed it’s intent of enforcing GDPR under the framework of the Court’s ruling, and with no grace period to comply. The highlights of the German DSK statement are: Organizations receiving transfers of EU Personal Data outside of the European Economic Area (EEA) are required to review the mechanisms and provide additional protections to safeguard the privacy rights…
United Arab Emirates to introduce new data protection law, a step towards a UAE data protection regime that would provide adequate level protection for the purposes of data transfers from the EU and other regulated jurisdictions.
Pres. Biden to nominate to FTC Alvaro Bedoya, Georgetown Law professor and founding director of GU’s Center on Privacy & Technology where his work has focused on surveillance technologies including facial recognition.
.@DPCIreland to fine #WhatsApp Ireland Ltd €225 million for failure to meet the #transparency requirements of #GDPR Articles 12-14. This fine increases the €30-50 million proposed in the DPC’s December draft decision. https://edpb.europa.eu/system/files/2021-09/dpc_final_decision_redacted_for_issue_to_edpb_01-09-21_en.pdf