Our series, Practical Compliance, is dedicated to investigating issues facing company leadership and counsel regarding some of the latest changes to data privacy laws in key jurisdictions around the world. As countries – as well as US states – address privacy concerns, they are taking an array of approaches, resulting in a patchwork of differing laws and regulations. Companies based in the United States with international operations must monitor continually changing privacy laws that apply to those operations. In this issue, we highlight key points about new data privacy requirements in three important jurisdictions – the European Union, China, and Brazil – with an emphasis on action steps for compliance officers. In the European Union, the General Data Protection Regulation (GDPR) has been in force since May 2018. In summer 2021, the European Commission published new Standard Contractual Clauses for transfers of personal data from the European Union to third countries, such as the United States. In August 2021, China finalized its Personal Information Protection Law (PIPL), which will enter into force on November 1, 2021. PIPL consolidates and clarifies requirements regarding use of the personal information of Chinese residents. Brazil’s General Data Protection Law (LGPD) has been in force for a year, although the penalties provided by the law did not become enforceable until August 2021. This is Brazil’s first comprehensive data protection regulation and is similar to the EU’s GDPR. |