The United Kingdom has been busy in the past couple of weeks starting to chart its independent course on data protection and privacy matters. We should keep in mind, however, that some of the more dramatic announcements...more
Many organizations around the world – and particularly companies in the United States – are directly affected by the EU Court of Justice’s July 2020 Schrems II decision casting doubt on the lawfulness of transferring personal...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on the lawfulness of...more
Organizations that transfer personal data from the European Union on the basis of the EU Commission-approved Standard Contractual Clauses (SCCs) may be breathing a sigh of relief on hearing that the SCCs have been upheld by...more
7/16/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Companies with employees in multiple European locations may well be feeling challenged both in keeping up with public health-driven guidance – and more recently, mandates – relating to the SARS-COV2 risks in the workplace. ...more
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not...more
Despite the overall political uncertainty about Brexit, worries about a sudden stop to personal data transfers from the UK to the US are misplaced, deal or no deal. There is, in fact, a plan, and it’s a reasonable, practical...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
The European Commission has launched a new data protection website aimed at educating the public and helping businesses and other organizations comply with their new obligations under the General Data Protection Regulation....more
The European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged,...more
One of the most striking changes to EU privacy law under the EU’s General Data Protection Regulation (which goes into effect May 25, 2018) is the very strict approach to user consent. For many years, companies operating in...more
12/19/2017
/ Article 29 Working Party (WP29) ,
Consent ,
Corporate Counsel ,
Data Controller ,
Data Protection ,
Direct Marketing ,
Draft Guidance ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Public Comment ,
Young Lawyers
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first...more
10/4/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Facebook ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Model Clauses ,
Personally Identifiable Information ,
Standard Contractual Clauses
Many companies have started the potentially lengthy process of auditing their service provider contracts to make sure that they comply with the requirements of the General Data Protection Regulation, which comes into force on...more
9/14/2017
/ Contract Terms ,
Data Controller ,
Data Protection ,
Draft Guidance ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Internal Audit Functions ,
Personal Data ,
UK
The EU Commission has formally adopted Privacy Shield and the US Department of Commerce will go live with a new Privacy Shield registration website on August 1. US companies that had been registered under Safe Harbor will...more
7/12/2016
/ Data Protection ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Registration Requirement ,
Self-Certification ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
US companies and policy makers will no doubt spend a good chunk of the day today considering the possible implications for them of yesterday’s UK vote for Brexit. Mark Carney, Governor of the Bank of England, has issued a...more
The European Commission has finally made the draft text of the EU-US Privacy Shield program available... The Privacy Shield program, which was agreed to in principle by US and EU negotiators nearly four weeks ago, will...more
As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at curia.europa.eu by searching on...more
10/6/2015
/ Binding Corporate Rules ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Prior Express Consent ,
US-EU Safe Harbor Framework
The initial reports of the ECJ’s decision in the Schrems Safe Harbor case (C-362/14) indicate that the Court of Justice of the EU has declared Safe Harbor invalid and sent the case back to the Irish Data Protection Authority...more
10/6/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
Prior Express Consent ,
PRISM Program ,
UK ,
US-EU Safe Harbor Framework
Does your company rely on Safe Harbor to transfer personal data from Europe to the US? If so, it’s time to think about alternatives to Safe Harbor – and fast....more
9/23/2015
/ Binding Corporate Rules ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
UK ,
US-EU Safe Harbor Framework ,
Young Lawyers
Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), recently announced the formation of a new external Ethics Board that will do a deep dive into the complex ethical issues that surround the use of personal...more
As EU data protection watchers know, the draft General Data Protection Regulation (which has been around long enough to be universally referred to by its acronym, GDPR) exists in three major versions, with a fourth version...more
This webinar, the fourth in our Privacy Series, will consider issues faced by US companies who do business in Europe or simply interact with European customers. We will look at how to determine whether EU data protection laws...more
The draft Data Protection Regulation doesn’t offer many carrots to business – and a recent announcement by the Council of the European Union takes away one of the biggest carrots, the “One-Stop Shop” mechanism....more
In the Google Spain “Right to be Forgotten” case, the ECJ held that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis that the information is no...more