It has been reported that European Commission will publish the final versions of new forms of Standard Contractual Clauses (“SCCs”) shortly (even potentially within the next few days). The Commission published draft versions of these SCCs and the implementing Commission Decisions in December 2020. These new SCCs are, arguably, the most significant development in European data protection law since the coming into force of the EU General Data Protection Regulation (“GDPR”) in May 2018, which was three years ago this month. These new SCCs will replace prior versions of the SCCs, some of which date back to 2001 and pre-date the GDPR. We are closely monitoring developments in this area and will report on the new SCCs as soon as these are published. We expect the impact of these SCCs to be significant on organizations which are directly subject to the GDPR or which receive personal data from organizations that are subject to the GDPR.
United Kingdom
What Does Brexit Mean for Data Protection?
With less than a month to go until the UK is due to leave the EU (at 11pm GMT/12pm CET on 29 March 2019), there is still much uncertainty as to whether, and if so how, the UK will exit the EU (commonly dubbed “Brexit”). In light of this uncertainty we outline what will happen, and what should be considered, depending on how things play out especially given the important votes due to take place within the UK Parliament this week.
U.K. Internet Publication Rule Upheld; Internet Viewings Constitute Republication
On March 10, 2009, the European Court of Human Rights held that the British Internet publication rule does not violate the right to free expression guaranteed by Article 10 of the European Convention. The case has profound implications for those bringing privacy- or disclosure-related tort claims based on materials available on the Internet – where U.K. law applies.
U.K. ICO May Impose Fines for Data Breaches
A new Act of Parliament gives the United Kingdom’s Information Commissioner’s Office (ICO) the authority to impose monetary penalties for misuse of personal data in violation of section 55 of the Data Protection Act of 1998 (DPA).
…