Skip to main content
Category

Data Protection and Privacy

Pier on Seashore in Malta
DORA: An Overview of the Maltese Legal Provisions Data Protection and PrivacyDORATelecoms, Media & Technology

DORA: An Overview of the Maltese Legal Provisions

On 16 July 2024, Legal Notice 166 of 2024 was published in Malta. This implemented the relevant provisions of DORA (full title being Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) 648/2012, (EU) 600/2014, (EU) No 909/2014 and (EU) 2016/1011) into Maltese law. The said provisions can now be found under the Malta Financial Services Authority Act (Digital Operational Resilience Act (DORA)) Regulations, 2024 (S.L. 330.20) – the ‘Maltese Regulations’. The Maltese Regulations shall come into force on…
Warren Ciantar and Neeraj Bharwani
31st July 2024
Mamo TCV Advocates: New Data Protection Law Relating to Third Party rights
New Law enables Third Parties to a Contract to benefit from Data Protection Rights Data Protection and Privacy

New Law enables Third Parties to a Contract to benefit from Data Protection Rights

A recently published Legal Notice (204 of 2023) has created the “Enforcement of the Rights of Data Subjects in relation to Transfers of Personal Data to a Third Country or an International Organisation Regulations” (Subsidiary Legislation 586.12). This marks the first time that an entirely new subsidiary law has been enacted under the auspices of the Data Protection Act (Chapter 586 of the laws of Malta), since June 2018, shortly after the coming into force of the GDPR. S.L. 586.12 resolves a long-standing lacuna in the field of Maltese data protection law. The scope and purpose of this new law…
Mamo TCV Advocates
30th August 2023
The European Data Protection Board has issued its Opinion on the European Commission’s Draft Adequacy Decision which constitutes a new framework for transatlantic transfers of personal data.
The EDPB Issues Opinion on the New EU-U.S. Data Privacy Framework Data Protection and PrivacyLegal Updates

The EDPB Issues Opinion on the New EU-U.S. Data Privacy Framework

On the 28th of February 2023, the European Data Protection Board (hereinafter referred to as the “EDPB”) issued its Opinion on the European Commission’s draft adequacy decision regarding the EU-U.S. Data Privacy Framework. Whilst acknowledging the significant improvements made to the Data Privacy Framework such as the improved new redress mechanism under the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, the EDPB’s opinion also highlighted some issues of concern which had previously been raised so as to ensure that the new adequacy decision will be long-lasting. The principal issues of concern specifically relate to the data…
Mamo TCV Advocates
3rd March 2023
U.S. President Joe Biden has recently signed an Executive Order implementing the commitments made by the U.S. in the agreement reached with the EU concerning a new EU-U.S. data privacy framework.
The New EU-US Personal Data Transfer Framework Data Protection and Privacy

The New EU-US Personal Data Transfer Framework

The agreement on a new EU-U.S. data privacy framework between EU Commission President Ursula Von Der Leyen and U.S. President Joe Biden had already been announced on 25 March 2022 (for background, please refer to our previous article The EU-US Privacy Shield: Third Time’s a Charm? - Mamo TCV). However, the stability and longevity of the agreement was questioned by Austrian privacy activist Max Schrems who sent an open letter to stakeholders as a warning that the new framework risks being declared invalid, and consequently being struck down by the CJEU, should no reforms to U.S. law take place to…
Nicole Bonett and Warren Ciantar
28th November 2022
EU Legislation
Deadline for Third Country Personal Data Transfers: EU Standard Contractual Clauses Data Protection and PrivacyLegal Updates

Deadline for Third Country Personal Data Transfers: EU Standard Contractual Clauses

On 27th June 2021, the European Commission unveiled the new set of EU Standard Contractual Causes (‘SCCs’) that are to be used in instances when personal data are to be transferred from the EU/EEA to a third country. These new SCCs replaced an older version and are now required in those instances where the old SCCs were being relied on, as opposed to other derogations that may be applicable, for any contract involving transfers of personal data to third countries, signed after the 27th September 2021. Meanwhile a transitory ‘grace’ period was granted to any contracts which already incorporated the…
Mamo TCV Advocates
31st October 2022
The EU Data Act – Not Another GDPR
The EU Data Act – Not Another GDPR Data Protection and Privacy

The EU Data Act – Not Another GDPR

On 23 February 2022, the EU Commission proposed measures regulating the use and access of data, not being ‘personal data’ as understood by the GDPR, within the European Union across all economic sectors. The regulation of the use of data is essential given that data continues to be generated yet underutilised. The draft Regulation is to be read in conjunction with the EU’s Data Governance Act. The aim of the Data Act is to lay down common standards on the re-use of data across sectors. In this manner, the Act operates together with other legislation that has failed to address…
Warren Ciantar and Nicole Bonett
30th August 2022