The European Commission's adequacy decision permitting data flows from Europe to the U.K. expires June 27 and there are concerns about U.K. legislative reforms to data protection rules, a March Parliamentary Research Services memo said.
The General Data Protection Regulation shouldn't become a tiered, risk-based entity, though the European Commission should have more centralized power to enforce it, Charly Helleputte, Squire Patton Boggs EU data privacy attorney, emailed. His comments responded to Axel Voss' recent tiered GDPR proposal. Voss is a German Member of the European Parliament from the European People's Party Group. He discussed his proposal during a March 3-4 Centre for European Policy Studies Ideas Lab panel.
The Swedish Data Protection Authority responded Monday to what it said were many questions about personal data transfers to the U.S. It noted that the 2023 EU-U.S. data privacy framework (DPF) permits trans-Atlantic data flows. A key factor underlying the European Commission's adequacy decision that permits such data transfers was the creation of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB).
Thirty years after the idea of restricting international data transfers was conceived, companies find themselves facing a greater level of "dogmatism" than ever and geopolitical tensions could take restrictions to an even higher level, Hogan Lovells privacy and cybersecurity attorneys said during a podcast. Driven by U.S. rules hampering some data flows to China and several other countries, personal data protection is morphing into national security protection. One way to navigate the maze could be a greater focus on binding corporate rules (BCRs), they said.
Privacy and data protection laws are mushrooming, with nearly 150 countries adopting such regulations, speakers said during a Thursday IAPP webinar. There are 144 nations with national data protection measures, covering nearly 82% of the world's population, IAPP said in an updated report.
“Data autarky,” a scenario where all economies fully restrict data flows, would prompt gross domestic product (GDP) losses of 4.5%, the Organisation for Economic Co-operation and Development said in a report Monday. Exports would decline 8.5%, added the OECD.
The European Commission and U.K. Information Commissioner's Office (ICO) are responding cautiously to questions about the implications for trans-Atlantic data flows of reports that Elon Musk is accessing the personal data of millions of Americans. However, the Danish Data Protection Authority (DPA) recently warned businesses that the activities of the Trump Administration could threaten the EU-U.S. Data Privacy Framework (DPF).
Life science companies should be aware of data-sharing restrictions under DOJ’s new rule banning cross-border data transfers to adversarial countries (see 2501070056), compliance attorneys said Monday.
The European Commission hasn't taken formal steps under the AI Act (AIA) concerning the DeepSeek AI chatbot, an EC spokesperson told us. However, several EU data protection authorities (DPAs) are probing whether DeepSeek has complied with the General Data Protection Regulation (GDPR).
French data protection authority CNIL Friday published the final version of its guide on impact assessment of data transfers. The guide aims to ensure that companies ensure the same level of protection as the General Data Protection Regulation (GDPR) in their data flows.