They State That Direct Collection of Personal Data by Non-EU Companies Is Not a “Data Transfer” Under the GDPR
On November 18, 2021, the European Data Protection Board (EDPB) issued guidelines (Guidelines) that—for the first time—clarify the notion of “data transfer.” Departing from common understanding, the EDPB has determined that there is no data transfer where EU data subjects disclose on their own initiative personal data directly to a non-EU company. Consequently, there is no need to implement a transfer tool in such situations. The Guidelines are open to public consultation until the end of January 2022.
Continue Reading EU Regulators Define Data Transfers