Menu

PH Privacy

Practical Next Steps Following Invalidation of Privacy Shield
Following the decision last week by the Court of Justice of the European Union (CJEU) to invalidate the EU-U.S. Privacy Shield (further details on the decision can be read here), the question asked by many businesses has been: we transfer personal data to the U.S., what should we do now?
How Are Governments Reacting to the Invalidation of Privacy Shield?
Following the decision by the Court of Justice of the European Union (the "CJEU") on 16 July 2020 invalidating Privacy Shield and imposing potential constraints on the use of Standard Contractual Clauses ("SCCs") (more information on the decision itself can be read here), we are starting to see data protection authorities and other bodies across the EU, and globally, publicly discussing and commenting on the decision.
The Results Are in: Privacy Shield Has Been Declared Invalid but the SCCs Remain Valid
Following a decision from the Court of Justice of the European Union (the “CJEU”) today, it has now been confirmed that Commission Decision 2016/1250, also known as the EU-U.S. Privacy Shield Framework, is invalid as a mechanism for transferring personal data from the E.U. to the U.S. Conversely, the Court of Justice considers Commission Decision (2010/87/EU) on standard contractual clauses (“SCCs”) for the transfer of personal data to processors established in third countries to be valid.
The EDPB on Data Protection and COVID-19 in the EU
The European Data Protection Board (the EDPB) recently released two statements in quick succession relating to the effects of COVID-19 on data protection. The statements focused on: 1) interoperability of contact tracing apps; and 2) reopening of borders following the outbreak.
Proposed “California Privacy Rights Act” Explained (with Redline)
The California Privacy Rights Act (the “CPRA”) has enough signatures to qualify for inclusion in California’s November 2020 ballot. Though we still await the California AG’s final regulations on the CCPA, the CPRA would build upon the CCPA to impose additional requirements.
COVID-19 UK: The UK ICO Publishes Anticipated Guidance on Workplace Testing
While COVID-19 continues to affect businesses and individuals globally, the conversation with respect to workplaces is starting to change. The rules of lockdown in most countries required (and continue to require) that, where possible, employees work from home: this saw a huge shift and adjustment in how organisations function and operate on a day-to-day basis. However with many countries now starting to look towards softening the lockdown rules, this has led to many employers questioning what steps they may and should take when their employees return to the workplace to ensure the spread of COVID-19 is limited. One such method of lowering the spread in the workplace which has received a lot of attention is workplace testing, particularly temperature testing. For some organisations, requiring employees to undergo anti-body testing may also be a consideration. Testing of any nature would almost certainly always require the employer to process the personal data of the employee with most instances also involving special category data i.e. health data, and therefore would be subject to the laws of data protection in the United Kingdom and European Union.
Seventh Circuit Lowers the Federal Standing Threshold for Illinois Biometric Privacy Act Claimants
This week, the Seventh Circuit Court of Appeals issued a decision that opens the door to more frequent federal court determination of statutory claims under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1–99 (“BIPA”)
COVID-19 – New Federal Data Protection Bill Introduced
The new bill will contain protections for the personal information that is particularly at issue given the COVID-19 pandemic, including health, geolocation, and proximity data with the ultimate goal of providing U.S. citizens with more transparency, choice, and control over the collection and use of their personal information holding businesses directly accountable to their consumers.
Cyber Threats for UK and US Healthcare Organisations: A Joint Advisory Update
Further to our recently published article, the NCSC and CISA have published another joint advisory detailing the ongoing COVID-19 related criminal cyber attacks (the “Advisory”).
Timeline for Selected Global Privacy Compliance Activities in Light of COVID-19
As COVID-19 continues to disrupt business operations and compel a significant shift to a remote work environment for companies globally, both industry and government interests continue to consider – and selectively revise – their approach to the rapidly changing privacy landscape. Specifically, privacy-related legislation has become an increased point of focus, with various proposals to change the implementation and enforcement of certain jurisdictional deadlines.
1 2 3 4 5 6 7 8 9 >