The European Data Protection Board announced guidelines related to the interplay between data transfers and territorial scope under the EU General Data Protection Regulation. The guidance offers three "cumulative criteria" that would categorize data processing as a transfer. Notably, the board explicitly said it does not consider a transfer to be the "collection of data directly from data subjects in the EU at their own initiative." EDPB Chair Andrea Jelinek said the guidance presents "a consistent interpretation of the concept of 'international transfers.'" Editor’s note: IAPP Editorial Director Jedidiah Bracy, CIPP, reported on data transfer updates provided by EU officials at the IAPP Data Protection Congress 2021.
19 Nov. 2021
EDPB adopts guidance with data transfer clarifications
RELATED STORIES
AI red teaming strategy and risk assessments: A conversation with Brenda Leong
A deep dive into Europe's approach on personal data processing in AI systems
CPPA Board approves data broker regulations
Meta reshapes EU personalized advertising offerings again
CPPA to initiate formal ADMT rulemaking process as executive director set to depart
