FEDERAL DECREE-LAW NO. (45) OF 2021 ON PERSONAL DATA PROTECTION
Read the full text.
(more…)United Arab Emirates – Federal Decree-Law No.(45) of 2021 on Personal Data Protection
January 2nd, 2022 | Posted by in Legislation | World - (0 Comments)GDPR developments under focus on day one of PrivSec Global
September 22nd, 2021 | Posted by in Conference | Data Transfer | Europe | Privacy | World - (0 Comments)
A New Framework for Transfers of Personal Data EU and Korea Conclude Adequacy Decision Talks
June 25th, 2021 | Posted by in Data Transfer | Europe | Privacy | World - (0 Comments)BACKGROUND
On 30 March 2021, the European Commission, in a joint statement with the Personal Information Protection Commission, the data protection authority of the Republic of Korea (Korea), declared that Korea ensured a level of protection for personal data that is similar to the level provided in the European Union (the EU) and, as such, is a jurisdiction deemed “adequate.” Further to this joint declaration, the European Commission completed its internal procedures and formally adopted the substance of this joint statement in a draft adequacy decision published on 14 June 2021. Once finalized, businesses will be allowed to transfer personal data freely from the EU and European Economic Area (EEA) to Korea without being required to provide further safeguards as required for “third country transfers” under the EU General Data Protection Regulation 2016/679 (GDPR). Once so adopted, the adequacy decision would cover transfers of personal data to commercial operators located in Korea, as well as Korean public authorities. However, the transfer of personal credit information that is subject to jurisdiction of Korea’s Financial Services Commission will be excluded from the coverage of the adequacy decision.
The adequacy decision only relates to the transfer of personal data from the EU/EEA to a recipient in Korea, but it does not cover the general applicability of GDPR. In this context, any company (even outside the EU/EEA) that directly collects personal data from EU residents in connection with offering goods or services or monitoring of behavior of EU residents will still need to comply with the obligations set out in the GDPR for its collection of personal data. Also, significantly, the adequacy decision only covers data flow in one direction, from the EU to Korea, but not in the opposite direction, i.e., from Korea to the EEA. As noted below, barring any further statutory amendments, Korean privacy laws still require data handlers to obtain the consent of data subjects (as opposed to an opt-out) prior to transferring their personal data outside of Korea.
The conclusion of adequacy talks between Korea and the European Commission is a major step in their ongoing four-year dialogue regarding mutual recognition of personal data protection regimes. Korea has been preparing for this adequacy decision since 2015, when the Korean government established a joint public-private sector task force, which was charged with conducting data regulation-related feasibility studies, self-assessments, and comparative analyses in preparation for the first round of adequacy negotiations with the EU in 2017. After two extensive rounds of adequacy negotiations between the representatives of the European Commission and Korea ended without an adequacy finding, Korea decided to make significant amendments to its data protection laws. Such amendments were enacted by the National Assembly, Korea’s national legislature, in January 2020 and became effective in August 2020, thus paving the way for the March 2021 joint statement.
(more…)GDPR – Data Transfers 2.0: Navigating Through Post-Schrems II Waters
June 11th, 2021 | Posted by in Data Transfer | Europe | Privacy | World - (0 Comments)Depending on whether you are an optimist or a pessimist, it will have taken the European Commission either three years and two weeks (since the entry into force of the General Data Protection Regulation (GDPR) or eleven months (since the Schrems II decision — see our Alert here) to publish its finalized revision of the most flexible tool to allow for the transfer of personal data to partners located in countries not otherwise providing an adequate level of data protection (Adequate Countries): the Standard Contractual Clauses (SCCs).
While Schrems II made headlines with its cancellation of the Privacy Shield framework, this mechanism only affected 5,000 companies in the United States. SCCs, on the other hand, remain the most widely used instrument to ensure an end-to-end sufficient level protection of personal data covered by European data protection. With their original version dating back 2001, an update was severely needed to align them with GDPR’s extensive reach and requirements.
IN A NUTSHELL:
- The new SCCs were published on 4 June 2021:
- Starting on 27 June 2021, companies will need to transition to the new SCCs;
- On 27 December 2022, companies must have finalized their transition to the new SCCs.
- Affected companies include:
- EU-based entities sharing data with partners and providers located in countries deemed not to offer an adequate level of protection;
- Non EU-based entities otherwise subject to GDPR’s extensive territorial reach (see our Alert here) sharing data with partners and providers located in countries deemed not to offer an adequate level of protection; and
- Non-EU based entities receiving or processing personal data from or on behalf of EU-based partners or non-EU partners otherwise subject to GDPR.
- Key new elements include:
- Data exporting entities will need to assess the importing countries’ regulatory framework;
- Where such framework cannot safeguard the transferred data subject to GDPR, additional measures must be implemented contractually, organizationally and/or technically;
- Each and every step of the assessment, and the relevancy of the remediation measures, must be thoroughly documented; and
- In the case of a controller/processor/sub-processor relationship, the new SCCs consolidate the requirements into a single agreement addressing the data processing requirements under Article 28 GDPR and the data transfer agreement.
- While the new SCCs provide for a general framework, many issues are left to:
- The expected interpretation and guidance from the European Data Protection Board (EDPB); and
- Contractual negotiations between the stakeholders.
Global Data Review: Introducing the GDR 100
January 25th, 2021 | Posted by in Privacy | Rankings | World - (0 Comments)This article names K&L Gates among Global Data Review’s inaugural GDR 100, a ranking of the world’s best data law firms. The GDR 100 is the only global ranking that captures the capabilities, track record, and market reputation of the leading firms in the field. The ranking is based on in-depth submissions submitted by hundreds of law firms around the world, and profiles K&L Gates lawyers including Melbourne partner Cameron Abbott and Paris partner Claude-Etienne Armingaud. Read the article here (subscription required).
IAPP Data Protection Intensive France #DPI20
February 13th, 2020 | Posted by in Communication | Conference | Europe | France | Privacy | World - (0 Comments)Les 12 et 13 février 2020, l’IAPP organise sa conférence “Data Protection Intensive: France” — retrouvez nous lors du panel “Global Developments: CCPA and Beyond” avec Delphine Charlot de Mastercard et les meilleurs moments ci-dessous:
(more…)Experts concerned about legal gaps on autonomous cars
March 8th, 2017 | Posted by in Connected Cars | Europe | France | IT | Legislation | Press | World - (0 Comments)New China Article:
“However, the convention has been signed by 75 contracting countries only, said Claude-Etienne Armingaud, Paris partner at K&L Gates. One of the most notable absentees is the United States, he added.“
Read full article here.
New China Article:
“However, the convention has been signed by 75 contracting countries only, said Claude-Etienne Armingaud, Paris partner at K&L Gates. One of the most notable absentees is the United States, he added.“
Read full article here.
-
Load More
Oh come on, Monday... https://lnkd.in/eV3gqdh7
Well, here we go with Episode 2 of K&L Gates #GatewayToPrivacy!
Take a road trip across the US and its myriad of #privacy laws -- fear not, Whitney McCollum and @JakeBernsteinWA are the best navigators you could hope for on this j…https://lnkd.in/edMujebH https://lnkd.in/eFhVxznuWell that's a wrap on #DPI23 France and what a blast it's been!
A huge thank you to every one at IAPP - International Association of Privacy Professionals who made it possible (and especially Isabelle, Nils, and Caroline Crouzette, my wonderful partner i…https://lnkd.in/eN2BrExGWe've heard a lot about SCCs, BCRs and even Codes of Conduct over the #DPI23 France conference--now let's turn to another trick up #GDPR's sleeve with our first hybrid panel: Fabrice Naftalski, Grit Karg, @GDPMOBILE and Sébastien Z. with a focus on #Healt…https://lnkd.in/evcqCvAb
#ArtificialIntelligence and #DataProtection at global level. How can we navigate?
It all starts with a #DPI23 gym class thanks to Léa Richard Julia Collinet @Cody__Olson and Killian Vermersch!
#PrivacyPros #GDPR #AI https://lnkd.in/eJsE5sab
Copyright © 2023 All rights reserved.
Designed by 