Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Cross-Border Data and Transfers
Cross-border data transfers are a flashpoint in global privacy law, particularly between the EU and U.S. Mechanisms like the EU-U.S. Data Privacy Framework and Standard Contractual Clauses face ongoing scrutiny by courts and regulators as global corporate operations must sync with divergent national regulatory environments. This legal uncertainty has pushed companies to adopt more rigorous transfer impact assessments and contractual safeguards. This page tracks regulatory developments, enforcement actions, and emerging requirements for international data flows.
It’s important for organizations to “actively stay up to date” on DOJ’s sensitive data rule even though enforcement began on July 9, blogged Constangy Brooks lawyers on Thursday.
The U.S. has set itself on a "fundamentally divergent path" from the EU by focusing on deregulation and national security in the new White House AI Action Plan (see 2507230058), Pinsent Mason AI and intellectual property attorney Cerys Wyn Davies blogged Thursday.
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.
Companies are considering relocating business operations from China and cutting off certain data flows in a conservative approach to complying with DOJ’s data transfer rule, privacy attorneys told us in interviews.
Indonesia agreed to grant the U.S. "adequacy" for personal data transfers under a trade deal the White House announced Tuesday, but it's unclear when the decision will take effect, IAPP Global Privacy Policy Manager Luis Montezuma told us Wednesday.
Companies operating in Latin America should be aware that data protection authorities (DPAs) there are increasing guidance and enforcement, said panelists during a webinar Tuesday sponsored by TrustArc, a privacy compliance vendor.
The U.S. should urge international trading partners to remove cloud service restrictions and cross-border data restrictions, the Business Software Alliance said Monday, launching its AI Adoption Agenda.
Recent enforcement against Honda and Healthline in California and FTC action against data brokers show that companies must understand data flow and consent, an executive with the Interactive Advertising Bureau (IAB) said in an interview Monday.
The European Commission must urgently reassess Israel's data protection adequacy status, European Digital Rights (EDRi), the Electronic Privacy Information Center and 15 other civil rights groups said in a Tuesday letter to Michael McGrath, EU commissioner for democracy, justice, rule of law and consumer protection. Neither the EC nor the Israeli government commented immediately.