General Data Protection Regulation

Schrems II – Portuguese DPA suspends data transfer to the US by public entity that relied on standard contractual clauses

Nigel Parker

On 27 April 2021, the supervisory authority of Portugal (CNPD) issued a resolution that required the National Institute of Statistics (INE) to suspend, within twelve hours, the transfer of data collected as part of the 2021 census surveys to the US or any other third country without adequate data protection. The CNPD specifically referred to Read More

No Comments

EU – EDPB adopts positive opinions on draft UK adequacy decisions and adopts final Guidelines on targeting of social media users

Nigel Parker

On 14 April 2021, the European Data Protection Board (EDPB) announced the outcomes of its 48th plenary session held on 13 April 2021. The EDPB adopted two opinions on the draft UK adequacy decisions in relation to data transfers based on the GDPR and the Law Enforcement Directive (the LED). The EDPB confirms the conclusions Read More

No Comments

Are UK employers right to be testy about Covid-19? Key considerations on mandatory workplace testing

Benjamin Scrace

In guidance published by the Department of Health and Social Care, the UK government encourages private employers to provide Covid-19 coronavirus testing to their workers: “We want as many employers as possible to sign up to regularly test their employees”. Before implementing a workplace testing programme, UK employers should consider carefully whether their approach is Read More

No Comments

Schrems II Update – EU-US to intensify new Privacy Shield talks, US Congressional Research Service issues new report and German DPA applies Schrems II

Nigel Parker

In the past weeks, there have been a number of developments related to the consequences of the European Union Court of Justice (CJEU) decision in Schrems II. The most noteworthy developments are summarised below. Intensified talks on enhanced EU-US Privacy Shield framework On 25 March 2021, the EU Commissioner for Justice Didier Reynders and the Read More

No Comments

Schrems II: French Conseil d’Etat provides insight into sufficient safeguards for EU personal data accessed from the US

Laurie-Anne Ancenys

On 12 March 2021, the Conseil d’Etat, the highest administrative court of France, issued a decision that might have significant impact on personal data transfers to third countries in the aftermath of the Schrems II decision of the Court of Justice of the EU (CJEU). The Counseil d’Etat dismissed an interim relief claim filed by healthcare Read More

No Comments

EU – EDPB plenary session update

Nigel Parker

On 10 March 2021, the European Data Protection Board (EDPB) published a press release about its 46th plenary session held on 9 March 2021. We look at some of the highlights below. Statement on proposed ePrivacy Regulation The EDPB raises concerns regarding several core provisions of the proposal for the ePrivacy Regulation adopted by the Read More

No Comments