Since the joint announcement by US President Joe Biden and European Commission President Ursula von de Leyen, on 25 March 2022, of an agreement in principle on the long-awaited replacement to the EU-US Privacy Shield, transatlantic data flows have again become the focus of GDPR discussions. The lack of details provided to date has, however, resulted in many organisations (and legal commentators alike) wondering where this leaves them.

Should US organisations prepare for certification to yet another incarnation of the Safe Harbor (which will almost certainly be subject to prompt legal challenge in the form of Schrems III)? Should organisations subject to the GDPR continue with their transfer impact assessments and the uncertainty of the standard contractual clauses (“SCCs”) when transferring personal data to the US? Will the new safeguards have any impact on the SCCs at all? And how will this affect transfers to the US from the UK or other non-EU jurisdictions?

Representatives of the US Government and the European Commission recently provided some much-needed context, including further details around the timing of the replacement framework and of the potential shape of the new redress mechanism. Their comments offer some hints about the UK’s approach to transatlantic and other international data flows.

Continue Reading Transatlantic Data Flows – Where Are We Now?

GDPRThe COVID-19 pandemic has forced organizations to reconsider their working arrangements and how employees interact with both internal and external clients and stakeholders. In the pursuit of maintaining a “business as usual” approach, many UK employers have questioned whether they can continue to effectively monitor their non-furloughed employees’ performance when all but those in essential roles are working remotely.


Continue Reading Employee Monitoring During the COVID-19 Lockdown GDPR Considerations Revisited