Blog

Advancing Data Protection in India: The Digital Personal Data Protection Bill, 2023

Big News! 🎉 The Rajya Sabha has approved the Digital Personal Data Protection Bill, 2023 on August 9. This new law introduces stricter rules around handling digital personal information, provides for dedicated officers to address data subject rights, requires methods of redress for individuals, and establishes an Indian Data Protection Board to handle complaints. This law is all about being responsible with data and ensuring fairness in India’s digital world.

Ready for the new Swiss Data Protection Law? Implications for organizations outside Switzerland

The revised Swiss Federal Act on Data Protection (RevFADP), which takes effect from September 1, 2023, brings Switzerland’s data protection regime in line with the GDPR and has significant implications for organizations outside Switzerland. The territorial scope of the RevFADP is broader than the GDPR, applying to activities with an impact in Switzerland even if initiated from abroad. Non-Swiss companies targeting goods or services to Swiss individuals or storing data on Swiss servers must comply. Additionally, organizations caught by the RevFADP’s scope must appoint a representative in Switzerland to serve as their local point of contact for Swiss data subjects and the Swiss supervisory authority (FDPIC). Senior managers and those responsible for an organization’s data protection tasks should take note of the new criminal sanctions of fines up to CHF 250,000 for individuals that have wilfully breached the RevFADP.

🔒 Practical implications following the EU Commission's adequacy decision for the EU-U.S. Data Privacy Framework 🔒

📅 On 10 July 2023, the European Commission adopted its adequacy decision on the EU-U.S. DPF, but what does this mean operationally for transfers from the EU to organizations in the U.S.?

✉️ Transfers of personal data can now be made to U.S. organizations certified as EU-U.S. DPF participants without needing appropriate safeguards like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

EU Commission adopts its adequacy decision for the EU-U.S. Data Privacy Framework

The European Commission’s recent adoption of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) is a turning point in transatlantic data transfers. Effective 10 July 2023, this framework replaces the invalidated Privacy Shield Framework, once again allowing transfers from the EU to certified U.S. organisations without the need for additional transfer tools. However, with its complex backstory and potential for future challenges, the EU-U.S. DPF promises a fascinating journey ahead in the realm of data privacy. This blog post provides a concise yet comprehensive overview of the DPF and its practical implications.

📢 WHAT... ⁉️ You may have thought that the CPRA crosses the finishing line this weekend 🏁 BUT...

The Sacramento Superior Court issued a tentative ruling delaying the enforcement of the CPRA regulations. The CPRA is amending the Californian CCPA and especially strengthens data subjects rights. The regulations were issued in March 2023 and should become enforceable on July 1st.