On February 28, 2024, President Biden announced an Executive Order directing the Department of Justice to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. The DOJ’s initially identified countries are China (including Hong Kong and Macau), Russia, Iran
Data Transfer
China Proposes to Ease Oversight of Cross-Border Transfer of Personal Information
On September 28, 2023, the Cyberspace Administration of China (“CAC”) issued a Draft Rule on the Regulation and Facilitation of Cross-Border Transfer of Personal Information (the “Draft Rule”). The Draft Rule seeks to streamline the security requirements pertaining to cross-border transfer of personal information under certain circumstances. The Draft Rule is open for comments from the public until October 15, 2023.Continue Reading China Proposes to Ease Oversight of Cross-Border Transfer of Personal Information
From Likes to Strikes: The Implications of the Record-Breaking EU €1.2 Billion GDPR Fine
On 22 May 2023, the Irish data protection regulator (DPC) announced that it had issued a record-breaking €1.2 billion fine in a decision relating to non-compliant EU-to-U.S. data transfers under the GDPR. This fine imposed by the DPC substantially overshadows the previous record of €746 million under the GDPR, and raises several concerns for organisations transferring personal data from the EU to the U.S.Continue Reading From Likes to Strikes: The Implications of the Record-Breaking EU €1.2 Billion GDPR Fine
China Releases the Standard Contract for Cross-Border Transfer of Personal Information
On February 22, 2023, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Measures for the Standard Contract for Cross-Border Transfer of Personal Information (the “Measures”), along with the final version of the standard contractual clauses for cross-border transfer of personal information stipulated under the Personal Information Protection Law (the “PIPL SCCs”).
UK Data Protection Regulator Updates its Guidance on Data Transfers
Introduction
Ahead of its much-anticipated guidance on the UK International Data Transfer Agreement / Addendum (IDTA) (the United Kingdom’s version of the EU standard contractual clauses (EU SCCs)), the UK data protection regulator, the Information Commissioner’s Office (ICO), has revised its guidance on international transfers of personal data under the UK GDPR (Transfer Guidance).Continue Reading UK Data Protection Regulator Updates its Guidance on Data Transfers
The Data Day: World Data Protection Day and 2023 Trends & Hot Topics
Tune in to the first episode of Ropes & Gray’s new podcast series, The Data Day, brought to you by the firm’s data, privacy & cybersecurity practice. This series will focus on the day-to-day effects that data has on all of our lives as well as other exciting and interesting legal and regulatory developments…
Decoding Digital Health: Trans-Atlantic Transfers of Health Data
The Ropes & Gray Decoding Digital Health podcast series discusses the digital health industry and related legal, business and regulatory issues. In this episode, Digital Health Initiative co-lead and health care partner, Christine Moundas, interviews health care partner and member of the digital health group, David Peloquin. They discuss the legal challenges and potential solutions…
UK GDPR: What Will 2023 Hold for International Data Transfers?
International transfers of personal data under the UK GDPR are set to continue to be a key topic in 2023, in particular, regarding new UK adequacy regulations, transatlantic data flows, and updated guidance regarding the UK’s International Data Transfer Agreement (IDTA).
While 2022 saw the Department for Digital, Culture, Media & Sport (DCMS) and ICO comment on imminent updates on these issues, very little has actually materialised, leaving businesses and commentators alike hopeful that 2023 will be a year of increased certainty when undertaking restricted international transfers subject to the UK GDPR.Continue Reading UK GDPR: What Will 2023 Hold for International Data Transfers?
What Do EU Data Transfers Have In Common with the Holidays? It’s All About the Clauses
As 2022 draws to a close, the international data transfer landscape from Europe continues to be dynamic, with anticipated updates including a further milestone on the Transatlantic Data Privacy Framework (“Framework”) for EU to U.S. data transfers, a new set of model clauses for data transfers to non-EU data importers who are already within the scope of the GDPR, and continued developments in cookie monitoring and enforcement.Continue Reading What Do EU Data Transfers Have In Common with the Holidays? It’s All About the Clauses
China Promulgates New Implementing Rules to Facilitate Cross-Border Transfers of Data
On July 7, 2022, the Cyberspace Affairs Commission (“CAC”) of China issued the Measures on Security Assessment of Cross-Border Data Transfer (the “Security Assessment Measures”), which sets out the security assessment framework for cross-border data transfers. The Security Assessment Measures will become effective on September 1, 2022. In conjunction with the…