Two sets of regulations aimed at readying UK data protection law for a post-Brexit world have been promulgated in recent weeks. These regulations, which were made pursuant to the EU (Withdrawal) Act 2018 (EUWA), will only come into force in most respects upon the UK’s withdrawal from the EU. Broadly speaking, these regulations are intended … Continue Reading
Today, the German supervisory authorities (“German DPAs”) responsible for data protection at federal and state (Länder) level published a position paper on the EU-U.S. Safe Harbor (available in German – see here). This 14-point position paper follows a meeting that these authorities held last week. Key points include: following the Safe Harbor judgment of the … Continue Reading
On June 2, 2015, the Article 29 Working Party updated its published guidance on the topic of Processor BCRs. In their latest guidance document, the Working Party focus specifically on the sensitive topic of disclosures to law enforcement agencies (LEAs). By means of Processor BCRs, data processors are able to share EU-originating personal data within … Continue Reading
On 10 June 2013, the UK Information Commissioner’s Office authorized GlaxoSmithKline’s ‘Binding Corporate Rules‘ (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. Covington & Burling’s data privacy and security team, led by London partner Dan Cooper and senior associate Mark Young and including Brussels based … Continue Reading