The European Data Protection Board announced guidelines related to the interplay between data transfers and territorial scope under the EU General Data Protection Regulation. The guidance offers three "cumulative criteria" that would categorize data processing as a transfer. Notably, the board explicitly said it does not consider a transfer to be the "collection of data directly from data subjects in the EU at their own initiative." EDPB Chair Andrea Jelinek said the guidance presents "a consistent interpretation of the concept of 'international transfers.'" Editor’s note: IAPP Editorial Director Jedidiah Bracy, CIPP, reported on data transfer updates provided by EU officials at the IAPP Data Protection Congress 2021.
If you want to comment on this post, you need to login.