Data Dive

Written and curated by a multidisciplinary group of attorneys, Data Dive delivers key insights on cybersecurity, privacy and other data-related topics impacting organizations across the globe.

Search This Blog by Keyword

Filter by Category

Search Results

Data Dive

October 25, 2023

The Implementing Regulations of the Personal Data Protection Law and the Regulations on Personal Data Transfer outside the Geographical Boundaries of the Kingdom (together, the Regulations) were recently issued by the Saudi Authority for Data and Artificial Intelligence. We set out in this post the key features of the Regulations.

...

Read More

Data Dive

October 18, 2023

The Information Commissioner’s Office (ICO), the personal data protection authority in the United Kingdom (UK), is running a public consultation on its draft guidance on biometric data which covers the requirements under the UK General Data Protection Regulation (GDPR) (similar to the EU GDPR, with extraterritorial reach) for such data. Vendors or users of biometric recognition systems, including both controllers and processors, would be required to comply with the guidance once finalized. As the definition of biometric data is relatively broad and includes, for example, a person’s voice or face that have been analysed using technology for the purposes of identifying such person, the draft guidance is likely to apply to a wide range of companies across all industry sectors in and outside the UK. The consultation includes 20 questions and we encourage participation, via completing the survey, or by downloading the word document through this link and forwarding the response to biometrics@ico.org.uk. The ICO will close the consultation on 20 October 2023.

...

Read More

Data Dive

June 20, 2023

On 8 June 2023, the UK Prime Minister and the US President jointly announced a commitment to a renewed partnership between the countries, and a framework for economic and diplomatic co-operation (the “Atlantic Declaration1).

...

Read More

Data Dive

Dec 14, 2022

On Tuesday, December 13, the European Commission initiated its long-awaited process towards the adoption of an adequacy decision for the European Union (EU)-U.S. Data Privacy Framework (EU-U.S. DPF), which aims to address the concerns raised by the Court of Justice of the EU when it struck down the European Commission’s adequacy decision underlying the EU-U.S. Privacy Shield framework in 2020.

...

Read More

Data Dive

Oct 20, 2022

An executive order implementing U.S. commitments to the new successor agreement to the Privacy Shield, the EU-U.S. Data Privacy Framework was signed by President Biden in October 2022. The order marks a historic step in respect of trans-Atlantic data transfers and creates a new two-tier redress mechanism for individuals in the EU. The order also establishes a number of additional safeguards that constitute a substantive limitation on the U.S. intelligence communities access to and handling of data. 

...

Read More

Data Dive

Mar 28, 2022

Last week the Biden administration and the European Commission jointly announced a new trans-Atlantic data flow agreement. While no specifics have yet been made public, a recent press release gives the high-level facts of this pivotal economic agreement, which is the product of more than a year’s worth of negotiations that will “enable the continued flow of data that underpins more than $1 trillion in cross-border commerce every year” (find our previous articles on cross-border data transfer here, and here). This “agreement in principle” would reinstate a framework to allow the free exchange of data between the United States and the European Union (EU) without violating the General Data Protection Regulation (GDPR).

...

Read More

Data Dive

2021-09-27 04:00

Akin Gump published a client alert on how new contracts involving cross-border personal data transfers must now incorporate the updated standard contractual clauses (“New SCCs”) for controllers and processors. as of September 27, 2021 for new contracts the New SCCs must be used. Businesses with cross-border personal data transfers out of the EEA should begin reviewing their existing contractual arrangements and data processing operations now, because the transition period is short, by December 27, 2022 all existing contracts need to be updated. To read the full alert, please click here.

...

Read More

Data Dive

2021-01-26 02:00

In response to a request from the SEC, the U.K. Information Commissioner’s Officer, U.K.’s data protection regulator (ICO), has published its letter to the SEC setting out the ICO’s views on regulating relevant transfers of personal data, which will assist firms to understand how they can comply with both their SEC obligations and the U.K. GDPR. A U.K. firm is likely to be able to provide requested documents containing personal data in reliance on the “public interest” derogation in Article 49(1)(d) U.K. GDPR, but firms will have to consider whether the transfer is “necessary and proportionate”, provide the appropriate disclosures to customers and staff and document their decision making process. To read the full alert, please click here.

...

Read More