A recently published Legal Notice (204 of 2023) has created the “Enforcement of the Rights of Data Subjects in relation to Transfers of Personal Data to a Third Country or an International Organisation Regulations” (Subsidiary Legislation 586.12). This marks the first time that an entirely new subsidiary law has been enacted under the auspices of the Data Protection Act (Chapter 586 of the laws of Malta), since June 2018, shortly after the coming into force of the GDPR. S.L. 586.12 resolves a long-standing lacuna in the field of Maltese data protection law. The scope and purpose of this new law…
On the 28th of February 2023, the European Data Protection Board (hereinafter referred to as the “EDPB”) issued its Opinion on the European Commission’s draft adequacy decision regarding the EU-U.S. Data Privacy Framework. Whilst acknowledging the significant improvements made to the Data Privacy Framework such as the improved new redress mechanism under the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, the EDPB’s opinion also highlighted some issues of concern which had previously been raised so as to ensure that the new adequacy decision will be long-lasting. The principal issues of concern specifically relate to the data…
The agreement on a new EU-U.S. data privacy framework between EU Commission President Ursula Von Der Leyen and U.S. President Joe Biden had already been announced on 25 March 2022 (for background, please refer to our previous article The EU-US Privacy Shield: Third Time’s a Charm? - Mamo TCV). However, the stability and longevity of the agreement was questioned by Austrian privacy activist Max Schrems who sent an open letter to stakeholders as a warning that the new framework risks being declared invalid, and consequently being struck down by the CJEU, should no reforms to U.S. law take place to…