NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Last week started and ended with big announcements in the privacy world. At the end of the week, on August 14th, the regulations implementing the California Consumer Privacy Act of 2018 (CCPA) were finally declared final -...more
In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons. The Department recently issued a set of FAQs,...more
Still grappling with the aftershocks of the Schrems II decision from the CJEU on July 16 (we previously discussed the Schrems II decision here), the European Data Protection Board (“EDPB”) has issued a Frequently Asked...more
In our Schrems II Practical Guidance special reports, members of McDermott’s internationally recognized Global Privacy & Cybersecurity group have outlined practical guidance and next steps to ensure your business is prepared...more
Key Takeaways - The EU-U.S. Privacy Shield does not ensure an adequate level of protection of personal data and is therefore not a lawful basis for data transfers to the U.S....more
On July 16, 2020, the Court of Justice of the European Union (CJEU) struck down the EU-U.S. Privacy Shield as a valid mechanism for transferring personal data from the European Economic Area (EEA) to the United States...more
We reported in July 2019 that the Court of Justice of the European Union (CJEU) heard a case brought by privacy-rights activist Max Schrems, challenging the validity of Standard Contractual Clauses (SCCs), which are widely...more
On December 19, 2019, in the Facebook Ireland and Schrems (Schrems 2.0) case, the Advocate General (AG) to the European Court of Justice (ECJ)—European Union's highest court—opined that the EU Standard Contractual Clauses...more
In 2015, the European Court of Justice struck down Safe Harbor, the legal device that enabled data transfers from the European Union to the United States. This summer, Safe Harbor’s successor, Privacy Shield, may meet the...more
The European Union’s General Data Protection Regulation (“GDPR”) is arguably the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018,...more
The Situation: The European Court of Justice ("ECJ") is to rule on the validity of EU Standard Contractual Clauses used by companies to transfer personal data outside of the European Union, at the request of Ireland's High...more
There was a new and potentially significant development this week in the Irish courts that could mark the start of a fundamental change in the field of privacy law and the transfer of personal data from the European Union to...more
The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to...more
With the August 1st start of the Privacy Shield, the European Commission’s new and long-awaited transatlantic data transfer agreement with the U.S., businesses that had previously relied on the invalidated Safe Harbor scheme...more
Article 29 Working Party on the EU-US Privacy Shield: The EU’s Article 29 Working Party analyzed the final version of the Privacy Shield and issued a statement on July 26, 2016. What does this mean?...more
The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for the national data-protection laws in each EU member state. The Directive states that personal data may only be transferred to...more
When the European Court of Justice first invalidated the Safe Harbor we recommended here that, for most companies, staying the course by implementing general data security best practices was probably the right thing to do...more
On July 8, 2016, the Article 31 Committee, comprised of representatives of the European Union (EU) member states, voted to approve a revised Privacy Shield framework that is intended to replace the Safe Harbor framework...more
On July 12, 2016, the EU Commission and the U.S. Secretary of Commerce announced the adoption of the EU-U.S. Privacy Shield (Privacy Shield). This announcement follows today's adequacy decision by the College of EU...more
In October 2015, the European Court of Justice invalidated the US-EU Safe Harbor Program in the landmark Schrems v. Data Protection Commissioner decision. The Safe Harbor was a 15-year old program that had allowed American...more
European privacy law is a bold new world for U.S. businesses doing business in Europe. An October Court of Justice ruling struck down the Safe Harbor arrangement which had governed E.U.-U.S. data transfer transactions for...more
Directive 95/46/EC of 24 October 1995 - Articles 25 and 26 - The transfer of personal data to a third country is allowed: ..if the third country ensures an adequate level of protection; the Commission can...more
The European Union Article 29 Working Party (Article 29) issued an opinion on the proposed EU-U.S. Privacy Shield framework agreement (Privacy Shield) last week, stating that although the Privacy Shield was a “great step...more
On April 13, 2016, the Article 29 Working Party, which is a group composed of representatives of the national data protection authorities in Europe (“WP29”), published its opinion (“Opinion”) on the EU–U.S. Privacy Shield....more
Let’s say an American commercial litigator is working to defend a multinational client that has been sued in the U.S. The litigator may realize that he or she needs to collect emails or other documents from the client’s...more