On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case...more
In a landmark opinion issued on July 16, 2020, the European Court of Justice overturned the EU-U.S. Privacy Shield, less than four years after the European Commission decision that the privacy principles of the EU-U.S....more
The European Data protection Board (“EDPB”), which is composed of representatives of the national data protection authorities, and the European Data Protection Supervisor, adopted its report on the second annual review of the...more
Three years ago, the European Court of Justice killed the US-EU Safe Harbor Program. In the wake of the decision, American and EU negotiators developed the “Privacy Shield” program to facilitate cross-Atlantic data transfers....more
In reviewing the first year of implementation of the European Union-United States Privacy Shield, the Commission to the European Parliament and the Council declared it “adequate.”...more
The Situation: The European Court of Justice ("ECJ") is to rule on the validity of EU Standard Contractual Clauses used by companies to transfer personal data outside of the European Union, at the request of Ireland's High...more
Businesses have now had four months to get to grips with the new EU-U.S. Privacy Shield for transatlantic data transfers after it came into force in August 2016. As the New Year looms, what are the emerging trends we have...more
According to a press release of the Data Protection Supervisory Authority in the Land Mecklenburg Vorpommern of November 3, German supervisory authorities have randomly selected 500 companies in Germany and sent them requests...more
The EU-US Privacy Shield, designed to protect EU citizens’ personal data when it is transferred to US organisations, has now been in place for a couple of months. How is it shaping up?...more
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more
With the August 1st start of the Privacy Shield, the European Commission’s new and long-awaited transatlantic data transfer agreement with the U.S., businesses that had previously relied on the invalidated Safe Harbor scheme...more
On July 12, 2016, the European Commission formally adopted the Privacy Shield, a new transatlantic framework for the transfer of personal data from the European Union (EU) and certain countries of the European Economic Area...more
Beginning on August 1, 2016, U.S. companies have a new way to legally facilitate the transfer of personal data from the European Union to the U.S. Known as the EU-U.S. Privacy Shield, this new agreement between the EU and the...more
Even before the ECJ’s Schrems decision invalidated Safe Harbor, the European Commission had begun working closely with US negotiators to craft what has become the U.S.-EU Privacy Shield. While EU privacy leaders have noted...more
Beginning August 1, U.S.-based companies that self-certify their compliance with the EU-U.S. Privacy Shield will be able to import data under the new data transfer framework. But how can your company best prepare? ...more
If your company transfers the personal information of European Union citizens to the United States, you likely have kept a close eye on the evolution of EU privacy law since a European court invalidated the former EU-U.S....more
When the new EU-US Privacy Shield was adopted all the way back on the 12th of July, we were quoted in the media discussing the fact that formal legal challenges to it were inevitable. By the time the dust settled enough to...more
Article 29 Working Party on the EU-US Privacy Shield: The EU’s Article 29 Working Party analyzed the final version of the Privacy Shield and issued a statement on July 26, 2016. What does this mean?...more
Following European Commission adoption of the Privacy Shield on July 12, 2016, and with Privacy Shield self-certification poised to open for business organizations on August 1, 2016 as a replacement for the invalidated...more
You may recall our previous posts about the drafting and negotiation of the EU-US Privacy Shield, the law designed to implement a data sharing agreement that sets specific privacy standards for companies sharing information...more
Notice Requirements - The Privacy Shield notice requirements are more specific and detailed than what was required by the Safe Harbor regime. Safe Harbor required a privacy policy to provide information on data...more
I. Introduction: Privacy Shield to Go Live August 1 (at Last) - The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
When the European Court of Justice first invalidated the Safe Harbor we recommended here that, for most companies, staying the course by implementing general data security best practices was probably the right thing to do...more
After more than two years of negotiations, on July 12, 2016, the European Commission formally adopted the EU-U.S. Privacy Shield (the “Privacy Shield”) framework as a valid mechanism for transfers of personal data from the EU...more
Earlier this week, the European Commission voted to formally approve the Privacy Shield—a set of principles agreed between the E.U. and the U.S. to enable certified U.S. companies to receive and process personal data from the...more