Blog
EU Commission adopts its adequacy decision for the EU-U.S. Data Privacy Framework
The European Commission’s recent adoption of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) is a turning point in transatlantic data transfers. Effective 10 July 2023, this framework replaces the invalidated Privacy Shield Framework, once again allowing transfers from the EU to certified U.S. organisations without the need for additional transfer tools. However, with its complex backstory and potential for future challenges, the EU-U.S. DPF promises a fascinating journey ahead in the realm of data privacy. This blog post provides a concise yet comprehensive overview of the DPF and its practical implications.
Charlotte Mason
📢 WHAT... ⁉️ You may have thought that the CPRA crosses the finishing line this weekend 🏁 BUT...
The Sacramento Superior Court issued a tentative ruling delaying the enforcement of the CPRA regulations. The CPRA is amending the Californian CCPA and especially strengthens data subjects rights. The regulations were issued in March 2023 and should become enforceable on July 1st.
📢 EDPB Adopts Guidelines on Art. 65(1)(a) of GDPR 📚
Great news for privacy enthusiasts. The European Data Protection Board (EDPB) has recently adopted the final version of the Guidelines on the application of Art. 65(1)(a) of the GDPR. These guidelines are designed to provide clarity on the various stages of the Art. 65 procedure and shed light on the EDPB’s authority when issuing legally binding decisions based on Art. 65(1)(a) of the GDPR.
📌 Exciting News: UK and US Commit to Data Bridge, but Details Remain Scarce 🔔
🛡 The UK and US have committed in principle to establish a data bridge, extending the Data Privacy Framework. Although details are limited, this move is seen as an attempt to substantiate the Prime Minister’s visit to the US. The data bridge has the potential to encompass sectors like pharmaceuticals and financial services, which are currently not covered by the Privacy Shield but pose data sensitivity challenges. The extension of the data transfer regime through certification and accountability mechanisms is a positive step, pending further details.
Private or public, does it matter?
Data protection is becoming increasingly complex in the education sector. New laws entering into force and additional guidelines make it difficult to keep up with the constant changes. An additional layer of complexity comes with the range of organisations funded in differing ways, from private companies to charitable organisations and publicly funded institutions. Learn more about the extraterritorial scope of privacy laws and the need for education providers to appoint a representative.
Andreas Maetzler, Charlotte Mason