The Swiss Data Protection Authority has issued a Guide on transfers to third countries. Read the guide here →
The French Data Protection Authority (the CNIL) has published a post on the new Standard Contractual Clauses. You can find the post here →(in French)
The Spanish Data Protection Authority (the AEPD) has updated its platform for data breach notifications. Access it here →(in Spanish)
2) Notable Case Law
The Court of Justice of the European Union (CJEU) ruled that in exceptional cases, a national Data Protection Authority (DPA) may bring alleged infringements before their national court and engage in legal proceedings, without being the lead authority. However, one main condition is that the rules on cooperation and consistency set out by the GDPR are respected. Full details here →
3) New and Upcoming Legislation
European Union – The UK adequacy decision was reportedly approved by the Member States. The Commission must however adopt the final decision for it to become applicable. For more information surrounding this topic, read our post on the GDPR and Brexit.
The Republic of Korea – The European Commission has launched the procedure for an adequacy decision in favour of the Republic of Korea. The next step in the procedure is for the EDPB to issue an Opinion.
The European Data Protection Supervisor and the European Data Protection Board issued a joint opinion, calling for a ban on automated recognition of human features (for instance facial recognition) in public spaces and other uses of AI which could result in discrimination.