Handley Gill
LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Handley Gill Limited

Our expert consultants at Handley Gill share their knowledge and advice on emerging data protection, privacy, content regulation, reputation management, cyber security, and information access issues in our blog.

Posts tagged Article 46 GDPR
A bridge to nowhere?
A bridge to nowhere?

A commitment to establishing a UK-US data bridge, which would take the form of adequacy regulations being issued by the Secretary of State pursuant to section 17A Data Protection Act 2018, has been announced. Since this bridge is likely to be contingent on the European Commission issuing its own adequacy decision, and the draft has recently been rejected by the European Parliament, data exporters will be reliant on the Commission ramming through the roadblock or will find themselves stuck in traffic on the UK-US data flyover.

Read More
Nicola CainData Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Privacy Shield, Schrems II, Transatlantic Data Privacy Framework, Adequacy Decision, EUROPEAN COMMISSION, Safe Harbor, Adequacy Regulations, UK Adequacy, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities, EU-US Data Privacy Framework, UK-US Data Bridge, Chapter 5 GDPR, Chapter 5 UK GDPR, Article 45 GDPR, Article 45 UK GDPR, Article 46 GDPR, Article 46 UK GDPR, Data Protection Act 2018, Section 17A Data Protection Act 2018, s17A Data Protection Act 2018, Qualifying State, Executive Order 14086, TADPF, European Parliament, Committee on Civil Liberties, Committee on Civil Liberties Justice & Home Affairs, LIBE Committee, European Data Protection Board, EDPB, Opinion 5/2023, German-American Data Protection Day, DoJ, Department of Justice, Standard contractual clauses, Standard data protection clauses, Supplementary Measures, Transfer Risk Assessment, Transfer Impact Assessment, Derogation, Data Transfer, Data transfer agreement, US Data Transfers, International Transfers, International data transfers, International Data Transfer Risk Assessment, Data Controller, Data Processor, Data exporter, Data ImporterComment
Risky business
Risky business

New guidance issued by the Information Commissioner’s Office on the approach to assessing the risk of restricted ex-UK international data transfers may ease restrictions on transfers of personal data to the US and presents an opportunity to revisit ex-UK international data transfers that had previously been rejected as non-compliant.

Read More
Nicola CainData Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Article 46 GDPR, Article 46 UK GDPR, Article 46(2)(c) UK GDPR, Article 46(2)(c) GDPR, DATA PROTECTION ACT 2018, DPA 2018, Data Transfer, US Data Transfers, Restricted Data Transfer, International data transfers, Restricted International Data Transfers, DPC22, Emma Bate, Information Commissioner's Office, Information Commissioner, ICO, EDPB, European Data Protection Board, International Data Transfer Risk Assessment, IDTRA, Transfer Risk Assessment, TRA, Data export, Personal Data Export, Data Exporter, Supplementary Measures, Data Controller, Data Processor, Data Importer, Schrems II, C-311/18, Transatlantic Data Privacy Framework, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, Appropriate Safeguards, Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, EDPB Recommendation 01/2020, International Data Transfer Agreement, International Data Transfer Addendum, IDTA, Standard Contractual Clauses, Modernised Standard Contractual Clauses, International Transfers, Privacy, Data Privacy, Human Rights, Transfer Risk Assessment Tool, Data Protection & Digital Information Bill, Adequacy Decision, UK Adequacy, Bill of Rights, Transfer Impact Assessment, TIAComment
Biden waves Privacy Magic Wand
Biden waves Privacy Magic Wand

President Biden issued Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities on 07 October 2022, enhancing the safeguards afforded to global citizens and laying the foundation for adequacy findings by the European Commission and Secretary of State for ex-EEA and ex-UK restricted international data transfers. While the risk of legal challenge to any adequacy finding would remain, such findings would provide welcome respite for the millions of data exporters who are neither equipped nor resourced to conduct wide ranging reviews of foreign legislation at an individual level.

Read More
Nicola CainData Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, Article 45 GDPR, Article 45(2) GDPR, Article 46 GDPR, UK GDPR, Article 45(2) UK GDPR, Data Protection Act 2018, DPA 2018, Section 74A Data Protection Act 2018, S.74A Data Protection Act 2018, International Data Transfers, Restricted International Data Transfers, Adequacy Decision, Adequate Countries, Qualifying State, international Data Transfer Risk Assessment, Safe Harbor, Privacy Shield, Transatlantic Data Privacy Framework, Trans-Atlantic Data Privacy Framework, Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities, Max Schrems, noyb, Schrems II, Case C 311/18, CJEU, Secretary of State for Digital Culture Media & Sport, Michelle Donelan MP, European Commission, President Ursula von der Leyen, President Joe Biden, US Secretary of Commerce, Gina Raimondo, European Data Protection Board, Civil Liberties Protection Officer of the Office of the Director of National Intelligence, Civil Liberties Protection Officer, Privacy and Civil Liberties Oversight Board, Privacy and Civil Liberties Officer, Presidential Policy Directive 28 of January 17, 2014 (Signals Intelligence Activities) (PPD-28), Inspector General, Data Protection Review Court, Executive Order 14086, Executive Order on Enhancing Safeguards for United States Signals Intelligence ActivitiesComment
See ya SCCs, enter the IDTA
See ya SCCs, enter the IDTA

New data processing or other sharing agreements governed by the UK GDPR, which are entered into on or after Thursday 22 September 2022 and which involve the export of personal data from the UK to third countries and will rely on appropriate safeguards under Article 46 UK GDPR in the form of standard data protection clauses, can no longer rely on the standard contractual clauses (SCCs) or ‘model clauses’ issued by the European Commission and valid as at 31 December 2020 and must instead incorporate the International Data Transfer Agreement or modernised SCCs and International Data Transfer Addendum.

Read More
Nicola CainData Protection, Data Protection Act 2018, GDPR, UK GDPR, General Data Protection Regulation, UK General Data Protection Regulation, EUROPEAN COMMISSION, Information Commissioner, SchremsII, Schrems II, Standard contractual clauses, SCCs, Modernised Standard Contractual Clauses, Modernised SCCs, International data transfers, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, International Data Transfer Risk Assessment, Article 46 UK GDPR, Article 46 GDPR, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, Brexit, UK-EU Withdrawal Agreement, Article 46(2)(c) UK GDPR, Article 46(2)(d) UK GDPR, Article 46(2)(d) GDPR, Standard data protection clauses, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), Schedule 21 Part 3 para.7 Data Protection Act 2018, Data transfer agreement, Data exporter, Commission Implementing Decision (EU) 2021/914, Data Controller, Data Processor, Data Exporter, Data ImporterComment