This continues our series of blog posts on the draft “Guidelines 07/2020 on the concepts of controller and processor in the GDPR” issued by the European Data Protection Board (“EDPB”) on 7 September 2020. This blog focuses on the updates to the concept of “third parties” and “recipients” in the draft Guidelines. See our previous issue on the updates in the draft Guidelines on the concept of processor here, on controller here…

Several important documents relating to the rules governing the transfer of EU personal data were published during the second week of November 2020 by the European Data Protection Board (EDPB) and the EU Commission. In addition, the EU Commission has also published new standard contractual clauses for use when transferring personal data between a controller and a processor within the EEA and to countries outside the EEA. Transfers of Personal Data to Third Countries In…

With the end of the Brexit transition period fast approaching, we have examined the potential impact on data privacy compliance in the UK and the EU/EEA and prepared a guide which provides practical advice on how to prepare to ensure that your organization is in the best position possible to deal with the outcome of the current UK/EU negotiations on 31 December 2020. Organisations are advised to identify personal data flows between the EEA and…

In a significant development impacting all developers of certified Health IT and health care providers, the Department of Health and Human Services (“HHS”) Office of the National Coordinator for Health Information Technology (“ONC”) announced an Interim Final Rule with Comment Period (“IFC”) delaying compliance dates and timeframes for information blocking and the health IT certification program. This delay will come as a welcome change for certain entities in the health care sector struggling to implement…

On November 3, 2020, a majority of Californians voted to approve a new ballot initiative – Proposition 24, or the “California Privacy Rights Act of 2020” (“CPRA”).  We previously issued alerts on the road to certification of this ballot initiative here. Below, we highlight the main points that businesses facing compliance with this new privacy law should bear in mind. We will provide further updates in the days and months to come, drilling down…

Last month California Governor Gavin Newsom signed AB 713 into law, which more closely aligns CCPA to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other laws governing scientific research. Although these changes may help ease compliance challenges for the health care and life sciences industries, the changes only exempt from the CCPA certain types of data rather than exempt health companies entirely.…