transfers - DPO Hub

Your OSS for the EU-US DPF

public – 4 min read

5 Nov: EDPB adopts first review report 9 Oct: EC publishes first review report, concluding the DPF 'functions effectively'. New review in 3 years. Older: Interesting read by C. Kuner on 'Strengthening the EU Legal Edifice for Data Transfers'.

Nov 6, 2024

Major news: 🇪🇺 EUC launched new SCCs public consultation

members – 1 min read

At last, the moment we've been dreading and waiting for: the European Commission has taken a step towards new SCCs for transfers where the importer is in a third country and directly subject to the GDPR. Planned for Q2 2025.

Sep 12, 2024

Denmark Google Workspace for Education Chromebook case (Helsingørgate)

members – 9 min read

[15 July: Municipalities complies with Jan order + 🚨 DPA asks for EDPB opinion on the scope of a controller's documentation obligations regarding a processor's use of sub-processors] The Danish DPA's landmark decision of 2022 to ban certain use of Google products and US transfers, is still ongoing.

Jul 15, 2024

EDPS: the European Commission's use of MS365 is non-compliant

members – 10 min read

[15 July: Both parties seek annulment] After the EDPS' second investigation into the European Commission's use of Microsoft 365, they found (again) several serious EUDPR violations, notably related to purpose limitation and transfers, which are still ongoing.

Jul 15, 2024

EU and Japan conclude "landmark deal on cross-border data flows"

members – 1 min read

🇪🇺 & 🇯🇵 agree cross-border data flows agreement which complement their existing adequacy arrangement.

May 2, 2024

EDPB clarifies implementation DPF redress mechanisms

members – 1 min read

📝 The EDPB clarifies implementation of the Data Protection.. errrr, I mean *Privacy* Framework redress mechanisms!

Apr 24, 2024

CJEU C-101/01 Bodil Lindqvist

members – 4 min read

A key (Directive 95/46/EC) ruling broadly interpreting key definitions (personal and health data, processing) and narrowly applied exceptions, but found that simply putting a website online doesn't necessarily result in transfers.

Apr 9, 2024

🔥 Swedish Tax Agency greenlights (?) US cloud services

members – 2 min read

Following the EU-US DPF, the 🇸🇪 Tax Agency approves using Microsoft Office 365 and Teams. Despite emphasising that everyone must do their own assessments, I'd say this could strengthen your own cloud services assessments.

Mar 22, 2024

Denmark DPA orders municipalities to ensure Google-sharing compliance

members – 1 min read

🔥 Danish DPA with new decision in their Helsingørgate/Chromebook case!

Jan 30, 2024

European Commission upholds adequacy decisions for 11 third countries and territories

members – 1 min read

Great news for those who aren't fans of TIAs: the EUC upholds adequacy for Andorra, Argentina, Canada, Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay. ✅

Jan 16, 2024

Norway DPA intends to ban processing and suspend transfers to Russia

members – 1 min read

…

Aug 8, 2023

Norway DPA reprimands Telenor for Google Analytics use (final)

members – 2 min read

…

Jul 27, 2023