The European Union (EU) and the United Kingdom (UK) finally came to an agreement on 24 December 2020 (EU-UK Trade and Cooperation Agreement, the Agreement), less than ten days after the European Data Protection Board (EDPB) published a statement on the consequences a no-deal situation would have on the flows of personal data between the EU and the UK (for previous coverage of General Data Protection Regulation (GDPR) and Brexit, please see our alert here). This statement has since been updated on 13 January 2021.
(more…)Author Archives: Claude-Etienne Armingaud
GDPR/Brexit – Brexit and European Data Protection – For Auld Lang Syne, My Dear!
January 20th, 2021 | Posted by in Data Transfer | Privacy - (0 Comments)GDPR/Brexit – Brexit, GDPR, and the Timeline for Data Breaches
January 19th, 2021 | Posted by in Data Breach | Data Transfer | Europe | Privacy - (0 Comments)As of 1 January 2021, the Brexit transition period (Transition Period) ended, and the United Kingdom (UK) officially finalized its exit from the European Union (EU) and the 11th-hour commercial agreement (Agreement) should allow for a smoother transition on the data protection front as the General Data Protection Regulation (GDPR) stops being directly applicable to the UK. It also provided the UK with a six-month grace period to hope for an adequacy decision that would allow for the free transfer of personal data from the EU to the UK.
As the European Data Protection Board (EDPB) amended on 13 January 2021 its Brexit communications² further to the Agreement (Communications), it only addresses:
- The issue of data transfers from the EU to the UK;
- The end of the One-Stop-Shop (OSS) mechanism for the UK; and
- The need for UK entities that would be subject to GDPR to appoint a representative further to Art. 27 GDPR.
However, aside from enacting the end of the OSS and commenting that “the EDPB has been liaising with the ICO [Information Commissioner’s Office, the UK’s Supervisory Authority] over the past months in order to enable a smooth shift to this new situation by ensuring that the EEA authorities follow a shared and efficient approach in handling the existing complaints and cross-border cases involving the ICO, whilst minimizing delays and possible inconveniences to affected complainants[,]” the EDPB did not comment on how such collaboration will effectively play out for companies whose lead Supervisory Authority was the ICO.
Read the full article on Radar First blog.
- Adoption of the minutes and of the agenda, Information given by the Chair
- Minutes of the 42nd EDPB meeting
- Draft agenda of the 43rd EDPB meeting
- Consistency mechanism, Guidelines and EDPB
- Key Provision ESG
- Guidelines on restrictions under Article 23 GDPR
- Financial Matters ESG
- Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR (after public consultation)
- International Transfer ESG
- Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies (after public consultation)
- Key Provision ESG
- Current Focus of the EDPB Members
- Data Governance Act COM (2020) 767 proposal – presentation by European Commission
- Information about the European Commission request for a joint EDPS-EDPB opinion regarding the Data Governance Act
- EDPB Strategy
- Support Pool of Experts
- Request for information from the European Commission regarding Brexit state of play (end of transitional period as well as the impact on EU-UK data flows and further information on possible adequacy decisions)
- Information note on data transfers under the GDPR to the United Kingdom after the Brexit transition period
- FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
- Cooperation ESG
- [BREXIT] Involvement of the UK SA in cooperation and consistency mechanisms
- Review of the internal documents on local cases
- Handling cross border complaints against public bodies or authorities – request for mandate
- Guidelines on handling complaints: revision of the mandate – request for mandate
- Compliance, e-Government and Health ESG
- Guidelines on certification criteria assessment – request for mandate
- Financial Matters ESG
- Statement on the protection of personal data processed in relation with the prevention of money laundering and terrorist financing
- International Transfers ESG
- Art. 64 GDPR Opinion on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of Equinix
- Compliance, e-Government and Health ESG
- Stakeholder event on processing of data for medical and scientific research purposes – request for mandate
- Technology ESG
- Guidelines on anonymisation / pseudonymisation – request for mandate
- EDPB Secretariat
- 2021 February plenary
- Survey future meetings post COVID
- Cooperation ESG
- Any other business
- Adoption of the minutes and of the agenda, Information given by the Chair
- Minutes of the 41st EDPB meeting
- Draft agenda of the 42nd EDPB meeting
- Publication of minutes of 40th Plenary meeting
- Request to extend the deadline for public consultation re recommendation 01/2020 on sup. measures
- Current Focus of the EDPB Members
- Presentation by the European Commission of the new (updated) two sets of SCCs
- FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
- Technology ESG
- Statement on eprivacy regulation
- Letter to News Media Europe and others regarding cookie walls
- International Transfer ESG
- Template for BCR approval decision by a supervisory authority
- Technology ESG
- Any other business
41st EDPB Meeting
November 17th, 2020 | Posted by in Data Transfer | Europe | Privacy - (0 Comments)- Adoption of the minutes and of the agenda, Information given by the Chair
- Minutes of the 40th EDPB meeting
- Draft agenda of the 41st EDPB meeting
- Current Focus of the EDPB Members
- Art. 65 ongoing procedure
- Draft Art. 65 Decision
- FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
- Recommendation on measures that supplement transfer instruments to ensure compliance with the EU level of protection of personal data
- Update of the European Essential Guarantees recommendations
GDPR/Brexit – What Future For UK-EU Data Flows
October 29th, 2020 | Posted by in Data Transfer | Europe | Privacy - (0 Comments)With the Brexit transition period ending on 31 December 2020, and no deal in sight, the future of cross-border data transfers between the European Economic Area (the EEA) and the United Kingdom remains unclear. On 1 January 2021, the United Kingdom will be considered as a “third country” and, unless a Brexit deal is proposed dealing with data protection and how data transfers between the EEA and the United Kingdom are to be treated, it could be significantly more difficult for European Union (EU)-based entities to transfer personal data to the United Kingdom.
(more…)- Adoption of the minutes and of the agenda, Information given by the Chair
1.1. Minutes of the 39 th EDPB meeting
1.2. Draft agenda of the 40th EDPB meeting - Current Focus of the EDPB Members
2.1. Recommendation on measures that supplement transfer instruments to ensure compliance with the EU level of protection of personal data – state of play
2.2. Review of the Adequacy Decision of Japan - Consistency mechanism and Guidelines
3.1. Guidelines 04/2019 on Article 25 Data Protection by Design and by Default (after public consultation) - FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
4.1. Cooperation ESG Brexit-related matters
4.2. Enforcement ESG
Coordinated Enforcement Framework
4.3. Technology ESG
Response letter to Mr A. Dix on the copyright directive1
4.4. Financial Matters ESG
Statement and possible letter regarding data protection and current framework on anti-money laundering and countering terrorist financing – request for mandate
4.5. Secretariat
Implementation of SEC DPO rules
Consistency procedure for Art. 46.3(b) GDPR administrative arrangements - Any other business
🇺🇸 The Future of Work in a Post-COVID-19 Work Environment
October 16th, 2020 | Posted by in Conference - (0 Comments)We are currently experiencing an interesting time in our economy around the future of work. In describing the future of work, there are four main aspects that come into play: (i) People will be able to work remotely and with flexible schedules; (ii) New industries and jobs will be created complementary to technology; (iii) There will be more entrepreneurship and self-employment; and (iv) Due to technology advancements, there will be fewer jobs that require humans.
Against this backdrop, the COVID-19 outbreak pointed out that these new working norms are going to become the future. In fact, more and more companies wonder whether people can work effectively and achieve a level of work-life balance in light of these new working conditions. At the same time, there is considerable research showing that diversity can be the answer to these considerations, leading to a significant performance advantage.
As law firms around the world have been forced into an unplanned experiment with remote and flexible working, the webinar will aim to explore what the new COVID-19 reality means for the workforce and how can they embrace the pandemic’s opportunities for learning and thriving in the workplace.