On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. The new Framework is yet to be set out in legal documents, which will need to be negotiated and adopted. Timing for the adoption remains unclear.
Continue Reading Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

On February 2, 2022, the UK privacy regulator (i.e., the Information Commissioner’s Office or the ICO) issued new model clauses to support data transfers from the UK. Subject to approval by the UK Parliament, the new model clauses will become effective March 21, 2022. Companies transferring personal data outside the UK will have until March 21, 2024 to update existing contracts, but should use the new model clauses for any new contracts they sign as of September 21, 2022.

Background
Continue Reading New Model Clauses for Personal Data Transfers Outside the UK