Hunton Andrews Kurth writes:
On April 27, 2021, the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados, the “CNPD”) ordered the National Institute of Statistics (the “INE”) to suspend, within 12 hours, any international transfers of personal data to the U.S. or other third countries that have not been recognized as providing an adequate level of data protection.
The INE gathers data from Portuguese residents from 2021 Census surveys and transfers it to Cloudfare, Inc. (“Cloudfare”), a service provider in the U.S. that assists the surveys’ operation. EU Standard Contractual Clauses (“SCCs”) are in place with the U.S. service provider to legitimize the data transfers.
Read more on Privacy & Information Security Law Blog.