US

Trans-Atlan­tic Data Pri­va­cy Frame­work: Exe­cu­ti­ve Order expec­ted next week 

Accord­ing to a report by the news por­tal Poli­ti­co, the White Hou­se will publish an exe­cu­ti­ve order on trans­at­lan­tic data trans­fers next week. The report is based on unof­fi­cial state­ments from the White Hou­se. This will be fol­lo­wed by a rati­fi­ca­ti­on pro­cess by the Euro­pean Com­mis­si­on, which will take until

Laux Lawy­ers: Expert opi­ni­on on cloud usa­ge by the city of Zurich 

The ser­vice depart­ment “Orga­niz­a­ti­on and Infor­ma­ti­on Tech­no­lo­gy of the City of Zurich” (OIZ) is the IT pro­vi­der for the orga­niz­a­tio­nal units of the City of Zurich. As such, the OIZ has com­mis­sio­ned an expert opi­ni­on on the “Lega­li­ty of Public Cloud Ser­vices” from Laux Lawy­ers. The expert opi­ni­on is due on 16.

Den­mark: Ban on the use of Chrome­books and Goog­le Work­s­pace by municipalities 

In a deci­si­on dated July 14, 2022, the Danish data pro­tec­tion super­vi­so­ry aut­ho­ri­ty, Data­til­syn­et, com­men­ted on the use of Goog­le pro­ducts by a muni­ci­pa­li­ty and in par­ti­cu­lar on the trans­fer to the USA: Deci­si­on in the Danish ori­gi­nal Ger­man trans­la­ti­on (DeepL, PDF) Back­ground and prohibitions

USA: ADPPA ante portas 

From a Euro­pean per­spec­ti­ve, the U.S. cur­r­ent­ly has frag­men­ted data pro­tec­tion – one could also say tar­ge­ted data pro­tec­tion, this in con­trast to, for examp­le, the GDPR or the DSG with their exten­si­ve one-size-fits-all approach. Many sta­tes now have broa­der regu­la­ti­ons (a

How Goog­le, Micro­soft and Sales­for­ce are imple­men­ting the new SCC and what this means for mana­gers in the EEA and Switzerland 

A con­tri­bu­ti­on by Lena Göt­zin­ger and Han­nes Meyle Sin­ce Sep­tem­ber 27, 2021, the trans­fer of per­so­nal data to coun­tries out­side the EEA that do not offer an ade­qua­te level of data pro­tec­tion from the per­spec­ti­ve of the GDPR must, in princip­le, com­ply with the data pro­tec­tion pro­vi­si­ons in for­ce on Sep­tem­ber 4, 2021.

HGer ZH: Pseud­ony­miz­a­ti­on acts like anony­miz­a­ti­on for the recipient 

In its ruling HG190107‑O of May 4, 2021, the Com­mer­cial Court of Zurich ruled that pseud­ony­miz­a­ti­on has the same effect as anony­miz­a­ti­on for tho­se who can­not assign the pseud­ony­mi­zed data to a spe­ci­fic per­son. The back­ground was a plan­ned trans­fer of per­so­nal data by the defendant,

FDPIC: State­ment on the dis­clo­sure of per­so­nal data to the US SEC 

On August 4, 2021, the FDPIC issued and published an Opi­ni­on to the U.S. Secu­ri­ties and Exchan­ge Com­mis­si­on (SEC) on the per­mis­si­bi­li­ty of data trans­fers by cer­tain Swiss finan­cial firms to the SEC. The back­ground to the Opi­ni­on is a requi­re­ment of U.S. law: Even