A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.

By Gail E. Crawford, Fiona M. Maclean, Michael H. RubinUlrich Wuermeling, Calum Docherty, and Amy Smyth

On 16 July 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield, one of the key mechanisms for lawfully transferring personal data from the European Union to the United States. At the same time, the CJEU ruled that the standard contractual clauses (Model Clauses) remain valid but can only be used under strict conditions.

This post provides an initial analysis of the judgment and proposes some immediate next steps for businesses to ensure compliant data transfers from the EU.

By Justin Cornish, Alice Marsden, Brian Meenagh

On February 26, 2012 the Office of the Commissioner of Data Protection (OCDP) for the Dubai International Financial Centre (DIFC) published its Strategic Plan for 2012-14. One of the key statements in the Strategic Plan is the statement of the OCDP’s intention to apply to the European Commission for acceptance of the DIFC as a jurisdiction with an adequate data protection regime. If the DIFC is officially declared ‘adequate’ by the European Commission