The many faces of adequacy
June-July have been a busy couple of months for those whose work involves international data transfers. First, we received a draft adequacy decision on Korea, then the final decisions for the UK, and also the EU’s revised standard contractual clauses. In this issue, Professor Greenleaf analyses the Korea decision in detail, and what we can learn from it for any future adequacy applications.
We discussed the UK’s new, bold approach to international data transfers at our Annual Conference online (see www.privacylaws.com/events and also p.18 in this issue). While the UK decision came though relatively quickly due to Brexit pressures, the EU Commission now has the existing adequacy decisions to evaluate. Talking about this and other work at the European Commission, Bruno Gencarelli from the EU Commission confirmed that negotiations are underway with the US on trying to find a way for EU-US data transfers.
The US Federal Trade Commission is now the de facto US privacy enforcement agency, but there are criticisms from those who wish to see an independent data protection authority. Should the FTC be transformed so that there would be a dedicated Bureau of Data Protection by transferring existing staff? The FTC is certainly trying to find new ways of influence. Its new rulemaking group has the intention to write new consumer protection rules. And how will the appointment of Lina Khan as the new Chair affect the larger context of EU-US talks on international data transfers? We will follow all these developments closely in the coming months.
It will be discombobulating for organisations to comply with Schrems II. In this issue, we discuss the EDPB guidance on Supplementary Measures, and report on specific action by German DPAs.
Selling recreational cannabis became legal in Canada in October 2018. We explore how privacy law applies to the legal sale of this product, as well as research findings by British Columbia’s Office of the Information and Privacy Commissioner on retailers’ level of compliance.
Editor, Privacy Laws & Business