Another victory for privacy as Brazilian GDPR is approved

Following approval by the Brazilian Congress of the new "Brazilian GDPR" this past July, the President of Brazil has approved the Lei Geral de Proteção de Dados Pessoais or “LGPD”, aiming to improve privacy standards and personal data protection in the country.   The new Brazilian privacy legislation, Law n. 13.709/2018, amends previous privacy-related legislation in the country, namely ...

100 cross-border cases in the Internal Market Information System (IMI) under investigation: consistency is paramount

After the second plenary meeting of the European Data Protection Board, which took place on 4 and 5 July 2018, a substantial increase in the number of complaints received by Supervisory authorities has emerged.  In fact, at present there are approximately 100 cross-border cases in the Internal Market Information System (IMI) under investigation. The first results ...

Europe and Japan to speak the same privacy language

On 17 July 2018, the EU and Japan announced the conclusion of discussions on reciprocal adequacy of their legal systems, agreeing to create the world's largest area of safe data flows.  You can read the official press release here. The successful conclusion of the EU-Japan data protection-related talks is very good news for everyone. It will ...

EU-US Privacy Shield at risk

Earlier this month MEPs from the Civil Liberties Committee brought attention to the necessity of better monitoring Privacy Shield by way of a Motion for a Resolution to wind up the debate on the statement by the Commission pursuant to Rule 123(2) of the Rules of Procedure on the adequacy of the protection afforded by the EU-US ...

#Art29WP publishes Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR

On 11 April 2018, the Article 29 Working Party published its Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR. The document updates the WP 107 and outlines cooperation procedures in line with the GDPR. Some important points to consider: binding corporate rules are to be ...

Privacy Shield passes Commission’s annual review

Today the European Commission published its first annual report on Privacy Shield, which is of fundamental importance with respect to international data transfers, having implications for both the EU and US economies. After one year, the Commission has confirmed that Privacy Shield is fit for its purpose, protecting the data of subjects whose data is ...

EU-Canada PNR Agreement is incompatible with EU fundamental rights

The Court of Justice of the European Union recently issued an opinion determining that the agreement envisaged between the EU and Canada on the transfer of Passenger Name Record (PNR) data may not be concluded in its current form, since several provisions of the draft agreement don't meet requirements stemming from the fundamental rights of the European ...

Brexit and the future of data transfers to the UK

On 29 March 2017 Theresa May, the Prime Minister of the United Kingdom, officially invoked Article 50 of the Treaty on European Union, effectively triggering Brexit.  But what does that mean for us as data protection and privacy experts and how will companies be affected by Brexit? The Lisbon Treaty establishes that countries exiting the EU ...

Article 29 Working Party publishes Privacy Shield enforcement documents

The Article 29 Working Party is preparing for enforcement as the nine-month grace period for US Companies that self-certified before 30 September 2016 comes to an end on 30 June 2017. As of today there are a total of 1,750 organizations signed up to the EU-US Privacy Shield List, which applies to the transfer of all ...