Alston & Bird Privacy, Cyber & Data Strategy Blog

Data Protection

Texas Becomes Tenth State to Enact a Comprehensive State Privacy Law

By and

On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (HB 4) (“TDPSA”) into law, making Texas the latest contributor to the growing patchwork of comprehensive U.S. state privacy laws. TDPSA takes effect July 1, 2024, except for provisions that enable consumers to designate authorized agents to exercise on […]

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

By , , and

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]

Council of Europe Launches Model Contractual Clauses for Transfers of Personal Data

By and

On June 16, 2023, the Council of Europe’s Committee of Convention 108+ (i.e., the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) adopted Model Contractual Clauses for cross-border data flows (“MCCs”). The MCCs are intended to cover the transfers of personal data to countries that are not parties to […]

Joint Regulatory Guidance Aims to Help Companies Transfer Personal Data Across ASEAN and EU Member States

By and

On May 23, 2023, the European Commission together with ASEAN (the Association of Southeast Asian Nations) published guidance that identifies commonalities and differences between the EU Standard Contractual Clauses for international data transfers (“SCCs”), and ASEAN’s Model Contractual Clauses (“MCCs”), to assist companies  with their efforts to comply with data transfer rules in both regions […]

The EU Supervisory Authorities’ Coordinated Enforcement Action in the EU: This Year It’s All About DPOs

By , and

On March 15, 2023, the European Data Protection Board (“EDPB”) – the body through which the EU Member States’ Supervisory Authorities cooperate – along with 26 EU Supervisory Authorities officially launched a “coordinated enforcement action”, focusing on the designation of Data Protection Officers (“DPOs”) under the EU GDPR, and the position that DPOs hold in […]