The International Association of Privacy Professionals (IAPP) recently recognized Alston & Bird Senior Counsel Peter Swire as part of the IAPP’s “25 Leaders, 25 Moments at 25 Years” series. The IAPP, an organization with over 80,000 professionals around the globe, recognized Peter for his work writing the IAPP’s first textbook on U.S. privacy law. […]
International Data Transfers
Article: White Paper on Clarifying Definitions in the Protecting Americans’ Data from Foreign Adversaries Act of 2024
Peter Swire, Senior Counsel at Alston & Bird, has published a white paper at the Cross-Border Data Forum (“CBDF”), analyzing the definitions in the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“PADFAA”), which was passed on April 24, 2024 and will take effect on June 23, 2024. The white paper discusses some ambiguities […]
China Releases Updated Regulations on Permits Needed for Transferring Data out of China
On March 22, 2024, the Cyberspace Administration of China (CAC) published the Regulations on Promoting and Regulating Cross-border Data Flow (the “Regulations”), effective immediately. The Regulations supplement China data protection laws (the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law), and take precedence over previously-issued data transfer rules, such as (a) […]
Article: Executive Order to Limit Sales of Americans’ Sensitive Data to Adversarial Foreign Governments
Peter Swire, Senior Counsel at Alston & Bird, has co-authored a detailed article in Lawfare, “Limiting Data Broker Sales in the Name of U.S. National Security: Questions on Substance and Messaging,” analyzing the Biden Administration’s new Executive Order issued yesterday. Swire’s article summarizes key aspects and impacts of the Executive Order, which is intended to […]
Are You Using EU Standard Contractual Clauses for Data Transfers? Be Aware of these Breach Notification Requirements
It has become common knowledge that the General Data Protection Regulation (2016/679) (GDPR) heavily restricts transfers of personal data outside of the European Union (EU). In the absence of an adequacy decision by the European Commission, the GDPR allows controllers and processors to transfer personal data to a third country outside of the EU only […]