On 16 July 2024, Legal Notice 166 of 2024 was published in Malta. This implemented the relevant provisions of DORA (full title being Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) 648/2012, (EU) 600/2014, (EU) No 909/2014 and (EU) 2016/1011) into Maltese law. The said provisions can now be found under the Malta Financial Services Authority Act (Digital Operational Resilience Act (DORA)) Regulations, 2024 (S.L. 330.20) – the ‘Maltese Regulations’. The Maltese Regulations shall come into force on…
A recently published Legal Notice (204 of 2023) has created the “Enforcement of the Rights of Data Subjects in relation to Transfers of Personal Data to a Third Country or an International Organisation Regulations” (Subsidiary Legislation 586.12). This marks the first time that an entirely new subsidiary law has been enacted under the auspices of the Data Protection Act (Chapter 586 of the laws of Malta), since June 2018, shortly after the coming into force of the GDPR. S.L. 586.12 resolves a long-standing lacuna in the field of Maltese data protection law. The scope and purpose of this new law…
On the 28th of February 2023, the European Data Protection Board (hereinafter referred to as the “EDPB”) issued its Opinion on the European Commission’s draft adequacy decision regarding the EU-U.S. Data Privacy Framework. Whilst acknowledging the significant improvements made to the Data Privacy Framework such as the improved new redress mechanism under the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, the EDPB’s opinion also highlighted some issues of concern which had previously been raised so as to ensure that the new adequacy decision will be long-lasting. The principal issues of concern specifically relate to the data…