Blog
Remediating SCCs deadlines: are you ready?
REMINDER - 27 December 2022 is the deadline for updating your old EU SCCs, as after that date they will no longer be valid as a safeguard for transfers of personal data under EU GDPR. If your live contracts contain the old SCCs, do get in touch about our remediation services – including our automated software tools – for assistance in remediating your transfer documentation, whether for the new EU SCCs or the post-Brexit UK GDPR transfers safeguards. Our timeline pullout (here) has the key international transfers deadlines for your calendar.
Stabilising transatlantic data flows: Examining the role of the new EU-US Data Privacy Framework
The Executive Order
On 7 October 2022, US President Joe Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the "Executive Order"). The Executive Order is a key part of the EU-US Data Privacy Framework (the "Framework"), which is intended to replace the Privacy Shield safeguard for EU GDPR personal data exports to the United States of America. Alongside the Executive Order, the Attorney General signed Department of Justice Regulations (Attorney General Order No. 5517-2022) (the “Regulations”) which are designed to complement the Framework in stabilising trans-Atlantic transfers.
The fourth anniversary of the GDPR: what's happened and what's next
On the 25 May 2018, the General Data Protection Legislation ("GDPR") came into effect in the EU. Since then, the global data protection stage has seen many key developments. Four years on, the GDPR has become the new world standard for privacy and data protection, with as many as 20 countries around the world introducing new legislation that uses the GDPR as a model to shape their own data protection principles. On this anniversary, we look back at the key privacy milestones since 2018 and consider what the future of the GDPR looks like for UK businesses.
Data Reform Bill announced in Queen’s Speech
On 10 May 2022, it was announced in the Queen's Speech that the UK's data protection regime will be reformed through the introduction of the Data Reform Bill (the "Bill"). This follows the Government's consultation paper on reforms to the UK's data protection regime last September.
Facial recognition goes to war: How AI is being used in Ukraine
The Ukrainian government is reportedly using software developed by Clearview AI Inc. ("Clearview") to identify the bodies of Russian soldiers, killed in combat, to inform their family of their death.
Guidance issued by the EDPB on international transfers of personal data
On 18 November 2021, the European Data Protection Board (the "EDPB") adopted guidelines (the "Guidelines") on the interplay between Article 3 and Chapter V of the EU General Data Protection Regulation ("GDPR"). The objective of the Guidelines is to assist data controllers and data processors, especially those within the EU, with identifying an international transfer. The Guidelines are also intended to address uncertainties that have emerged following the European Commission's new standard contractual clauses, published in June 2021.
Uber accused of using discriminatory facial verification software
An employment tribunal claim has been filed against Uber by one of its drivers over its use of allegedly racially discriminatory facial-verification software.
Facebook shuts down facial recognition system after personal data concerns
Facebook has said it will delete more than 1 billion people’s individual facial recognition data in light of concerns around data protection and ethics. Concerns had been raised that facial recognition technology could compromise privacy, target marginalised groups and normalise intrusive surveillance.
Summary judgment confirms de minimis threshold continues to apply for data breaches
Judge holds that it was "not appropriate" for parties to make claims in the High Court for data protection breaches which were "frankly, trivial".