IT law


Checklist for transferring personal data after Schrems II

26/11/2020

The CJEU ruling of 16 July 2020 in the Schrems II case created a lot of uncertainty for organisations transferring personal data outside the EEA. Not only was the EU-US Privacy Shield invalidated, the Court also imposed conditions for the use of standard contractual clauses (SCCs) as a mechanism to transfer personal data to non-EEA countries, and did so without any grace period. Any such transfer must at all times provide adequate safeguards to ensure a level of protection essentially equivalent to that provided by EU law.

But how should this requirement be fulfilled in practice? Can the EEA-based party be expected to scrutinise all foreign law systems and decide whether additional legal safeguards are needed on a case-by-case basis? And which measures should it take? How should it provide adequate protection against access by public authorities in the non-EEA countries? How should it ensure that data subjects' rights or remedies are at all times respected?

Both the European Data Protection Board (EDPB) and the European Commission came up with some first practical guidance and instruments on 11 and 12 November respectively.

Recommendations on outsourcing to cloud service providers by (re)insurance companies

25/11/2020

The National Bank of Belgium (NBB) published 15 recommendations for (re)insurance companies that outsource to cloud service providers. These recommendations will apply as of 1 January 2021. In this article, we will briefly summarise these recommendations.

Transfers following Schrems II: more clarity

23/11/2020

On 11 November 2020, the EDPB published (in draft form) its long-awaited recommendations concerning the transfer of personal data following Schrems II. The European Commission (EC) also published new model contractual clauses on 12 November 2020 (also in draft). In this article, our data experts talk you through these documents and explain what you essentially need to know.

Transfer of personal data outside the EEA

20/11/2020

In the Schrems II judgment of 16 July 2020, the Court of Justice ruled that the transfer of personal data outside the European Economic Area (EEA) on the basis of “standard contractual clauses” (SCCs) complies with the GDPR only insofar as the recipient country offers a level of data protection equivalent to that in the EU. In the meantime, recommendations have been issued on the supplementary measures which companies can take if the legal framework in the third country does not provide sufficient protection, and a draft version of new SCCs has also been published.

EU Court of Justice clarifies concept of “informed consent” for collection of personal data

19/11/2020

On 11 November, the Court of Justice of the EU (“CJEU”) rendered its judgment (Case C‑61/19) in a case (Orange România SA v. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) about informed consent.

New Belgian DPA decision: employee consent sometimes works

18/11/2020

Yes, employee consent is possible in certain circumstances – but do not assume old processing activities fully comply. That, in summary, was the position of the Belgian Data Protection Authority (BDPA) in a decision of 9 November 2020 of its Litigation Chamber following a complaint by an individual against their employer, a Belgian hospital.

The future of international data transfers: new SCCs and EDPB guidance

16/11/2020

Christmas seems to have come early this year for everyone who is involved in data protection.

Finally some practical EDPB guidance on how to make international data transfers lawful

13/11/2020

After a long, four-month wait, we finally have recommendations from the European Data Protection Board (EDPB) on “supplementary measures” in the context of international transfers of personal data –

Digital Services Act – A Status Update

04/11/2020

As part of the European Digital Strategy, the European Commission has announced a Digital Services Act package to strengthen the Single Market for digital services and foster innovation and competitiveness of the European online environment.

Data protection litigation: preparing to defend yourself – or attack

23/10/2020

If people were to look, they would probably conclude that you do not fully comply with data protection rules. Top of the line security always fails somewhere, typically at the human level, and the same reasoning applies to data protection compliance
