The Seventh Edition of The Privacy, Data Protection and Cybersecurity Law Review is Now Available

The seventh edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection, and cybersecurity landscape in a time of unique workplace challenges, new dimensions to cybercrime, significant new data protection regimes coming into effect around the world, and increased scrutiny from regulators, Boards of Directors and customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.

Read More

EmailShare

Guidelines Published for Changes to the Singapore Data Privacy Regime

On November 20, 2020, the Singapore Personal Data Protection Commission (PDPC) published a set of draft advisory guidelines (the Advisory Guidelines) to provide clarification on recent amendments to the Personal Data Protection Act (the PDPA Amendments). We have summarized the PDPA Amendments in our previous client Update. The Advisory Guidelines address operational details on key amendments, as summarized below.

Read More

EmailShare

Five Sidley Practices Recognized as Law360 “Practice Groups of the Year”

Sidley was named to Law360’s 2020 “Practice Groups of the Year” in five categories:

  • Compliance
  • Fintech
  • International Arbitration
  • International Trade
  • Structured Finance

With an eye toward landmark matters and general excellence, the annual awards honor the law firms behind the litigation wins and major deals that resonated throughout the legal profession. Law360 commended Sidley for being only one of five firms to have five winning practices.

EmailShare

Important Changes to the Singapore Data Privacy Regime

On November 2, 2020, Singapore’s legislature finally approved amendments to the Personal Data Protection Act (PDPA). The changes become law once a government gazette is passed (possibly before the end of 2020). If you operate in Singapore, handle Singapore data, or maintain a server in Singapore, it is crucial that you have protocols in place to guide employees on what to do when a data breach occurs and consider doing a data breach tabletop exercise. (We have organized a number of these drills for clients in preparation for breach notification requirements in Australia and now Singapore.)

Read More

EmailShare

European Commission Proposes Revised Standard Contractual Clauses

The European Commission (EC), on 12 November 2020, published a draft decision implementing revised Standard Contractual Clauses (draft SCCs) – (the EC’s Draft). The EC’s Draft was published following the Court of Justice of the European Union’s (CJEU) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), which found (amongst other things) that supplementary protections may need to be implemented when SCCs are used to ensure an ‘essentially equivalent’ level of data protection. The publication of the EC’s Draft comes just one day after the European Data Protection Board (EDPB) published its draft recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling. The EC’s Draft is open for public consultation until 10 December 2020, after which it will undergo a process of review by representatives of every EU Member State (the Committee) who will each need to provide a positive opinion in relation to the EC’s Draft as part of the EU examination procedure. The European Data Protection Supervisor must also be consulted and it is recommended that the EDPB is consulted. The EC’s College of Commissioners may then adopt the EC’s final decision

Read More

EmailShare

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (“Schrems II”), the European Data Protection Board, tasked with overseeing compliance with the GDPR (“EDPB”), on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (“EEA”) may comply with the Schrems II ruling. These recommendations are applicable immediately but are open for public consultation until November 30. Information on submitting public comments is accessible here.

In Schrems II, the CJEU invalidated the EU-U.S. Privacy Shield program (“Privacy Shield”) and potentially required supplementary protections to be implemented when Standard Contractual Clauses (“SCCs”) are used to ensure an ‘essentially equivalent’ level of data protection.  Under the GDPR, personal data transfers outside the EEA to jurisdictions which are not found to provide an ‘adequate level of protection’ to the data, are restricted unless appropriate safeguards are implemented.  The Privacy Shield and SCCs were two key appropriate safeguard mechanisms used to legitimize transfers of personal data outside the EEA to ‘non-adequate’ recipient countries, referred to as “Third Countries.”

Read More

EmailShare
1 2 3 91
EmailShare
XSLT Plugin by BMI Calculator