Third-country transfers of personal data continue to be one of the most attention-grabbing topics in data protection law, not least in light of the significant amount of guidance and decisions from the DPA, the European Data Protection Board (EDPB) and the CJEU.
Most recently, on April 4, 2024, the Danish Data Protection Agency published a revised version of its guidance on third-country transfers and on April 20, 2024, the US Senate passed a renewal of the Foreign Intelligence Surveillance Act (FISA). FISA is a key piece of legislation that has led to challenges for third-country transfers between the EU and the US for a number of years. One of the aspects that particularly gives rise to challenges is the assessment of whether a given third country's legislation allows public authorities in the third country to gain access to personal data to an extent that is not compatible with the requirements of the GDPR. This requires, among other things, an assessment of the third country's legislation and practices in relation to the activities of intelligence services.
Data Protection Officers (DPOs), IT Security Officers, data protection lawyers, etc. are faced with the difficult task of reconciling the requirements of data protection law with the business' desire to use necessary and value-creating IT solutions. The challenges in this area are particularly acute when using solutions that include cloud computing.
In light of recent developments, CO:PLAY's experts bring the field together and provide perspectives on how to solve some of the more difficult aspects of third-country transfers, including transfers to the US and the TIA assessment of non-US third countries.
In light of the European Commission's decision on the level of protection in the US, and the renewal of FISA, the rules governing the collection of personal data by US intelligence agencies are reviewed to illustrate why the Commission found that there is an adequate level of protection in the US.
Finally, CO:PLAY's expectations for how the area is expected to develop are discussed.
The seminar is aimed at data protection law experts, DPOs, etc. who are familiar with the area and who want a business-oriented approach to handling the often difficult assessments and supplier dialogues that concrete third-country transfers can give rise to.
The seminar will allow participants to share knowledge with other subject matter experts and draw on CO:PLAY's unique insights across data protection, national security and cybersecurity.
The course can be approved as mandatory continuing education for lawyers.
