Photo of Christopher Foo

As 2022 draws to a close, the international data transfer landscape from Europe continues to be dynamic, with anticipated updates including a further milestone on the Transatlantic Data Privacy Framework (“Framework”) for EU to U.S. data transfers, a new set of model clauses for data transfers to non-EU data importers who are already within the scope of the GDPR, and continued developments in cookie monitoring and enforcement.

Continue Reading What Do EU Data Transfers Have In Common with the Holidays? It’s All About the Clauses

On July 18, 2022, the UK Government introduced into Parliament the Data Protection and Digital Information Bill (the Data Reform Bill), which proposes legislation to reform the UK data protection regime.  A recent article in Entertainment Law Review by Ropes & Gray attorneys Rohan Massey, Christopher Foo & Edward Machin analyzes the Data Reform Bill’s

As smartphone capabilities and the ubiquity of their usage increases, an increasing number of functions that were previously performed by standalone devices have now moved into the app ecosystem – but doing so raises the risks of personal data misuse, and consequently regulatory scrutiny under data privacy laws. Recent advice and comments provided by EU data protection regulators regarding Qatar FIFA World Cup apps highlight this risk.

Continue Reading EU Regulators’ Comments on World Cup Apps Highlight Data Protection Risks

On 7 October 2022, the White House issued an Executive Order, as well as an accompanying Fact Sheet, which sets out the foundations for the Transatlantic Data Privacy Framework (“Framework”).

Since the decision of the Court of Justice of the European Uon (“CJEU”) in the Schrems II case in mid-2020, organizations have not

On 17 June 2022, the UK government released its much anticipated response to the consultation on the reform of the UK data protection regime. As part of the UK’s post-Brexit national data strategy, the consultation gathered responses on proposals aimed at reforming the UK’s data protection regime to boost the UK economy. In its response, the UK government has signalled which of the proposals it will be proceeding with and are likely to appear in an upcoming Data Reform Bill.

Overall, these reforms do not overhaul the existing UK data protection compliance regime, which is derived from EU legislation such as the General Data Protection Regulation and ePrivacy Directive. Instead, the proposals are incremental and largely modify obligations that organizations will be familiar with under the existing regime. As expected, these reforms are largely business-focused, with an overall aim of reducing compliance burdens faced by businesses of all sizes and facilitating the use (and re-use) of data for research.

Continue Reading UK Government Publishes Its Response on the Reform of the UK Data Protection Regime

A recent decision by the Austrian Supervisory Authority (“SA”) casts a spotlight on the complexities of data transfers and cookie use, and highlights a shift in regulatory focus onto these topics in the year ahead. Regulators around Europe are increasingly beginning to weigh in on such transfers, and the outcomes of their deliberations will shape the data transfer compliance landscape in the months to come. These decisions present complex questions about the future of data transfers in the EU and UK.

Continue Reading Increased EU Scrutiny of US Data Transfers Through Cookie Use