The central objection raised is a predictable one, and one that some analysts believe will inevitably cause the EU-US data transfer proposal to fail yet another court challenge if it makes it to implementation: the lack of a federal-level data privacy law in the US.
A new paper from global law multinational DLA Piper lays out the case for a risk-based approach to GDPR international data transfers, arguing that the status quo is too onerous and that data exporters are suffering.
Losing Ireland "main establishment" status means that any national DPA in the EU could bring direct GDPR action against Twitter on behalf of its citizens without the standard collaborative process that ultimately funnels everything through the Irish DPC.
The crux of the privacy objections is that the executive order does not guarantee that indiscriminate collection will be stopped; it merely attempts to narrow the scope of intelligence activity in EU-US data transfers.
Organizations must elevate their data management and privacy regulations to adhere to governance policies, which will align with privacy laws. This will enable the proper management and storage of personal data and avoid some of the ongoing privacy issues faced today.
GDPR was introduced in 2018 and has significantly impacted privacy, transparency, and business accountability. What could have been done better, and what’s next?
Italy’s data protection authority has ruled that Google's data transfers to servers in the United States fall afoul of the rules of the GDPR, with the company not anonymizing IP addresses sufficiently.
The EU Digital Markets Act (DMA) appears headed for adoption in May. Companies providing “core platform services”, as well as those potentially receiving data from such companies, should understand not only what the DMA requires, but also its impact on existing obligations under the GDPR.
A new data reform bill included in the 2022 Queen's Speech promises a "pro-growth" framework of greater benefit to both businesses and citizens of the UK. It could put an end to the data adequacy decision that allows personal data to continue flowing between it and the EU.
A statement from Danske Bank indicates that the GDPR violations are tied to an inability to build data deletion functionality into its complex interlocked IT systems despite beginning efforts in 2016.