With China’s PIPL (Personal Information Protection Law), restrictions on cross-border data transfers have been tightened. They remain authorized but are very supervised, with some stricter data localization rules. There are three main mechanisms to export data: security assessment, certification and standard contractual clauses.
[Read more…] about PIPL, Data Transfer in China & Data LocalizationData Transfer
Schrems vs. Facebook: will the EU Standard Contractual Clauses survive?
Will the EU Standard Contractual Clauses survive the new battle between Facebook and Maximilian Schrems? On October 3, 2017, the Irish High Court issued a decision requesting the CJEU to evaluate the validity of the EU Standard Contractual Clauses (SCCs). These clauses are used to export personal data collected in the European Economic Area (EEA) to a third country.
By this decision, the High Court acknowledges that there are “well-founded grounds for believing that [the EU Standard Contractual Clauses] are invalid,” and that it is therefore necessary to refer them to the CJEU to ensure uniform data protection in the EU (see paragraph 338 of the judgment).
[Read more…] about Schrems vs. Facebook: will the EU Standard Contractual Clauses survive?