https://www.lexology.com/library/detail.aspx?g=4cd0e531-e4dd-4302-bcc3-a3eee50af0f4
Switzerland: FDPIC recognizes new EU SCC
Press release:
https://www.edoeb.admin.ch/edoeb/en/home/latest-news/aktuell_news.html#-1259254222y
“27.08.2021 – In its statement of 27 August 2021, the FDPIC recognises the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (pursuant to Implementing Decision 2021/914/EU) as the basis for personal data transfers to a country without an adequate level of data protection, provided that the necessary adaptations and amendments are made for use under Swiss data protection law.
The following explanations show which adaptations and amendments must be made. The standard contractual clauses pursuant to the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU), the Swiss Transborder Data Flow Agreement (for outsourcing of data processing) of November 2013 and Council of Europe model contract to ensure equivalent protection in the context of cross-border data flows can still be notified until 27 September 2021 and continue to be used during a transitional period until 31 December 2022. ”
The transfer of personal data to a country with an inadequate level of data protection based on recognised standard contractual clauses and model contracts (PDF, 303 kB, 27.08.2021):
https://www.edoeb.admin.ch/dam/edoeb/en/dokumente/2021/Paper%20SCC%20def.en%2024082021.pdf.download.pdf/Paper%20SCC%20def.en%2024082021.pdf
More information about transborder data flows:
https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html
EU – mHealth label published
The new technical specification on a quality label for health and wellness apps has been published by ISO, CEN and IEC. It brings together and builds on guidelines and requirements for apps, by many local and national health organizations around the world to ensure they are safe, reliable and effective.
https://digital-strategy.ec.europa.eu/en/news/mhealth-label-published
ISO/TS 82304-2, Health software – Part 2: Health and wellness apps – Quality and reliability, brings together and builds on guidelines and requirements for apps by many local and national health organizations around the world to ensure they are safe, reliable and effective.
at ISO: https://www.iso.org/news/ref2704.html
China: PIPL – Personal Information Protection Law
The Personal Information Protection Law of China needs to be read together with
- the Data Security Law,
- the Cybersecurity Law,
- the Civil Code,
- and the Critical Information Infrastructure Security Protection Regulations
Personal Information Protection Law:
- Stanford’s DigiChina Project’s translation of China’s finalized
https://digichina.stanford.edu/news/translation-personal-information-protection-law-peoples-republic-china-effective-nov-1-2021 - Original:
http://www.npc.gov.cn/npc/c30834/202108/a8c4e3672c74491a80b53a172bb753fe.shtml - Analysis by DLA Piper:
https://blogs.dlapiper.com/privacymatters/chinas-pipl-has-finally-arrived-and-brings-helpful-clarification-rather-than-substantial-change-to-chinas-data-privacy-framework/
—
Data Security Law (DSL)
- Latham Watkins article on the DSL:
https://www.globalprivacyblog.com/security/chinas-new-data-security-law-what-to-know/
- Stanford’s DigiChina Project’s translation of China’s finalized
GDD Praxishinweise Schrems II Fragebogen
Practical advice on responding to the questionnaires shared by some German DPAs related Schrems II.
The referenced paper by the Wissenschaftliche Dienst des Deutschen Bundestags on “US-Datenrecht – Zugriff US-amerikanischer Behörden auf Daten”
https://www.bundestag.de/resource/blob/796102/ea53ffe8e08a9ab11e270719263d8c53/WD-3-181-20-pdf-data.pdf
Germany: DPA Thüringen: Data retention and deletion according to protection needs of data
“Orientierungshilfe Datenträgervernichtung entsprechend dem Schutzbedarf der Daten”
also mentions DIN 66399
https://www.tlfdi.de/fileadmin/tlfdi/gesetze/orientierungshilfen/datentragervernichtung.pdf
UK: ICO consultation on data transfers outside the UK
open until 07.10.2021, includes:
- International transfer risk assessment and tool
https://ico.org.uk/media/about-the-ico/consultations/2620397/intl-transfer-risk-assessment-tool-20210804.pdf - International data transfer agreement
https://ico.org.uk/media/about-the-ico/consultations/2620396/intl-data-transfer-agreement-202100804.pdf - Draft UK Addendum to the EU Commission standard contractual clauseshttps://ico.org.uk/media/about-the-ico/consultations/2620398/draft-ico-addendum-to-com-scc-20210805.pdf
- Consultation paper and questions
https://ico.org.uk/media/about-the-ico/consultations/2620394/consultation-paper-intl-transfers-under-uk-gdpr-20210804.docx
Comments in German by Bernadette Bucheli at https://datenrecht.ch/ico-entwurf-uk-addendum-zu-den-standardvertragsklauseln/
EDPB: Overview on resources made available by Member States to the Data Protection Authorities and on enforcement actions by the Data Protection Authorities
Cybersec4europe – Publications
“As a research project, CyberSec4Europe is working towards harmonising the journey from the development of software components that fit the requirements identified by a set of short- and long-term roadmaps, leading to a series of consequent recommendations. These are tied to the project’s real-world demonstration use cases that address cybersecurity challenges within the vertical sectors of digital infrastructure, finance, government and smart cities, healthcare and transportation.”
- Publications:
https://cybersec4europe.eu/publications/ - Deliverables:
https://cybersec4europe.eu/publications/deliverables/
Article: GDPR – legal defense against fines
Verteidigung gegen Bußgelder und Schadensersatzforderungen nach der DSGVO
von RA Tim Wybitul, RRef. und Wiss. Mit. Johannes Zhou