New European Union Dual-Use Regulation Enters Into Force

As from September 9, 2021, Regulation (EU) 2021/821 (EU Dual-Use Regulation Recast) replaces the existing Council Regulation (EC) 428/2009 setting up the European Union (EU) regime for the control of exports, transfer, brokering, and transit of “dual-use” items (EU Dual-Use Regulation). Dual-use items are sensitive goods, services, software, and technology that can be used for both civil and military purposes.

(more…)

UK Government Publishes UK Approach to International Transfers, Including Data Adequacy

On August 26, 2021, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) published its mission statement setting out the UK approach to adequacy assessments and international data transfers, alongside a Manual Template and Manual Guidance for undertaking adequacy assessments and an infographic map illustrating ten priority countries forming part of that process. This release forms part of a broader package of measures announced by DCMS to “seize the opportunities of data to boost growth, trade and improve its public services” following the UK’s exit from the EU, which included an announcement that John Edwards (the current New Zealand Privacy Commissioner) is the Government’s preferred nominee to be the next UK Information Commissioner. (more…)

UK ICO Opens Consultation on Data Transfer Agreements and Guidance

On 11 August 2021, the UK Information Commissioner’s Office (ICO) launched a public consultation on its draft international data transfer agreement and guidance (Consultation). The Consultation comes two months after the European Commission’s adoption of new EU Standard Contractual Clauses (EU SCCs) and the European Data Protection Board’s publication of the final Schrems II guidance. The EU SCCs do not automatically apply in the UK since its exit from the EU. Moreover, the ICO has not yet formally acknowledged the EU SCCs, i.e., as a valid data transfer mechanism under the UK GDPR.

(more…)

Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods

In March 2021, the European Commission released a proposal for the creation of a “Digital Green Certificate,” which will allow EU citizens to travel easier throughout the EU during the COVID-19 pandemic. Last week, the EU Member States agreed on some proposed changes to the proposal, including strengthening of the data privacy provisions. According to the proposal, in order to obtain a Digital Green Certificate, individuals must prove that they have been vaccinated, present a negative test result, or have recently recovered from COVID-19. The proposal allows the issuance of a certificate for all COVID-19 vaccines, which have received an EU-wide marketing authorisation, however only the results of certain in vitro diagnostic tests will be considered valid.

(more…)

Swiss Data Protection Authority Concludes Swiss-US Privacy Shield No Longer Valid for Swiss-US Transfers

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”), the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) concluded in a position paper published on 8 September that the Swiss-US Privacy Shield no longer provides a valid mechanism for the transfer of personal data from Switzerland to the US.

(more…)

Privacy and Cybersecurity Roundtable: Monitor-Side Chat Series

These informal video chats, moderated by Sidley partner Alan Raul, are designed to help fill the COVID-19 induced privacy discussion drought. We look forward to hearing what is on the mind of key data protection and cybersecurity thought leaders from both public and private sectors. Each chat will be relatively brief, leaving some time to address participant questions via our virtual space. Please feel free to suggest any topics you would be interested to hear addressed by contacting dcevents@sidley.com.

(more…)