The long-awaited successor to the Privacy Shield has finally arrived. Like the Privacy Shield, the new program, dubbed the Data Privacy Framework (DPF), provides for a self-certification process allowing U.S. companies to receive transfers of personal data from the European Union, the United Kingdom and Switzerland. The DPF emerged from three recent political developments: Some ... Read More » about The Data Privacy Framework Has Landed! How to Reap the Benefits

The post The Data Privacy Framework Has Landed! How to Reap the Benefits appeared first on Cross-Border Privacy.

Last week I attended the IAPP Global Summit (the IAPP’s annual privacy bash), featuring privacy luminaries as keynote speakers and dozens of privacy-focused sessions. One particularly good session was about the proliferation of standard contractual clauses (SCCs) that permit cross-border data transfers. This session coincided with the Future of Privacy Forum’s release of a report ... Read More » about Not-So-Standard Contractual Clauses

The post Not-So-Standard Contractual Clauses appeared first on Cross-Border Privacy.

Chapter V of the GDPR lays down the requirements for transfers of personal data from the EU to a third country. The requirements are pretty straightforward. The transfer must be based on either: But before Chapter V is even applicable, there must be a “transfer.” What constitutes a “transfer” isn’t self-evident, as the GDPR doesn’t ... Read More » about What Is an “International Data Transfer” Anyway?

The post What Is an “International Data Transfer” Anyway? appeared first on Cross-Border Privacy.

In my previous blog post, I reviewed the recent opinion of the European Data Protection Board that considers whether the proposed Privacy Shield replacement – the EU-U.S. Data Privacy Framework – provides “adequate protection” for EU-U.S. data transfers as required under the GDPR. The merits of that proposed framework aside, it needs a catchier name. ... Read More » about Renaming the Data Privacy Framework . . . With Help From ChatGPT

The post Renaming the Data Privacy Framework . . . With Help From ChatGPT appeared first on Cross-Border Privacy.

The latest development in the long road to a replacement for the Privacy Shield, which was shot down by the Court of Justice of the European Union in its Schrems II decision (2020), is the European Data Protection Board’s opinion adopted February 28, 2023 (Opinion 5/2023). That opinion looks at whether the newly proposed EU-U.S. ... Read More » about Don’t Start Your Engines Just Yet for Privacy Shield II

The post Don’t Start Your Engines Just Yet for Privacy Shield II appeared first on Cross-Border Privacy.

Pet peeve alert: it bugs me every time I see “personal data breach,” “security breach” or “security incident” defined in a DPA to include “suspected” as well as “actual” breaches or incidents. The GDPR definition of “personal data breach” is perfectly adequate: “personal data breach” means a breach of security leading to the accidental or ... Read More » about Actual vs. Suspected Security Breaches Under DPAs

The post Actual vs. Suspected Security Breaches Under DPAs appeared first on Cross-Border Privacy.