Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.

Schrems II – Portuguese DPA suspends data transfer to the US by public entity that relied on standard contractual clauses

Nigel Parker

On 27 April 2021, the supervisory authority of Portugal (CNPD) issued a resolution that required the National Institute of Statistics (INE) to suspend, within twelve hours, the transfer of data collected as part of the 2021 census surveys to the US or any other third country without adequate data protection. The CNPD specifically referred to Read More

European Union – A proposal for the Regulation of AI offers the first structured approach to regulating AI systems

Nigel Parker

On 21 April 2021, the European Commission published its Proposal for a Regulation on a European approach for Artificial Intelligence (the draft AI Regulation). The press release can be found here. The proposal differs substantially from the draft version that was leaked last week. Risk-based approach The draft AI Regulation follows a risk-based approach, differentiating Read More

EU – EDPB adopts positive opinions on draft UK adequacy decisions and adopts final Guidelines on targeting of social media users

Nigel Parker

On 14 April 2021, the European Data Protection Board (EDPB) announced the outcomes of its 48th plenary session held on 13 April 2021. The EDPB adopted two opinions on the draft UK adequacy decisions in relation to data transfers based on the GDPR and the Law Enforcement Directive (the LED). The EDPB confirms the conclusions Read More

Are UK employers right to be testy about Covid-19? Key considerations on mandatory workplace testing

Benjamin Scrace

In guidance published by the Department of Health and Social Care, the UK government encourages private employers to provide Covid-19 coronavirus testing to their workers: “We want as many employers as possible to sign up to regularly test their employees”. Before implementing a workplace testing programme, UK employers should consider carefully whether their approach is Read More

Schrems II Update – EU-US to intensify new Privacy Shield talks, US Congressional Research Service issues new report and German DPA applies Schrems II

Nigel Parker

In the past weeks, there have been a number of developments related to the consequences of the European Union Court of Justice (CJEU) decision in Schrems II. The most noteworthy developments are summarised below. Intensified talks on enhanced EU-US Privacy Shield framework On 25 March 2021, the EU Commissioner for Justice Didier Reynders and the Read More

Schrems II: French Conseil d’Etat provides insight into sufficient safeguards for EU personal data accessed from the US

Laurie-Anne Ancenys

On 12 March 2021, the Conseil d’Etat, the highest administrative court of France, issued a decision that might have significant impact on personal data transfers to third countries in the aftermath of the Schrems II decision of the Court of Justice of the EU (CJEU). The Counseil d’Etat dismissed an interim relief claim filed by healthcare Read More