International transfers

GDPR only applies if EU subjects targeted, confirms EDPB

The European Data Protection Board’s long-awaited GDPR extraterritoriality guidelines have confirmed that the regulation will only apply to non-EU organisations that target European data subjects.

28 November 2018

EU eyes India adequacy

EU bodies have pledged to support India’s efforts to enact adequate data privacy legislation – but have warned about data localisation barriers for European companies trying to access Indian markets.

20 November 2018

UK-EU withdrawal deal sets out status of data protection post Brexit

The UK cabinet has signed off on a draft withdrawal agreement setting out how data protection rules will apply once the UK leaves the European Union.

15 November 2018

Study suggests ways to make blockchain GDPR-compliant

Blockchain applications could comply with the GDPR by using closed networks and storing data off the system – though the regulation could still have a “chilling” effect on public, open use of the technology without further guidance from regulators, a UK study has found.

07 November 2018

MEPs clash on ePrivacy and Privacy Shield

Members of the European Parliament butted heads today over the delayed ePrivacy Regulation and the proposed suspension of the Privacy Shield, ahead of a vote on a resolution on Cambridge Analytica’s use of Facebook user data.

23 October 2018

US-EU privacy relationship moving towards “healthy” tension, says Dixon

Ireland’s data protection commissioner Helen Dixon has said that a positive outcome of the “fraught issue” of data transfers is that the US and Europe better understand each other’s approaches to privacy.

23 October 2018

No SCCs needed for data controllers governed by GDPR, ICO lawyer suggests

Ahead of expected European guidance on the extraterritorial scope of the GDPR, the general counsel of the UK’s data watchdog has suggested that data transfers to third countries that haven’t been granted an adequacy decision will be unrestricted if the recipient is already subject to EU rules.

12 October 2018

Swiss data protection chief fights tax data-sharing scheme

Switzerland’s federal data protection commissioner has issued a complaint to a federal court over a scheme that shares financial information with foreign authorities to aid tax evasion investigations.

10 October 2018

Identifying "genuine" main establishment key, says Irish enforcer legal chief

The Irish Data Protection Commission’s head of legal has said that companies must be able to demonstrate that their main establishment in the EU plays a genuine decision-making role to benefit from the GDPR’s one-stop-shop concept.

12 September 2018

Google and CNIL clash on global right to be forgotten

France’s data protection watchdog has insisted that delistings that follow right to be forgotten requests should apply globally, despite arguments from Google, Microsoft and a host of NGOs that such requests should only apply within the EU.

11 September 2018

Get unlimited access to all Global Data Review content