Earlier today, the European Commission approved and adopted a new version of the Standard Contractual Clauses (SCCs) that revises how data may be transferred by including additional privacy and legal safeguards. The remodeled...more
On November 12, 2020, the European Commission (“EC”) published a draft implementing decision on standard contractual clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the General Data...more
12/7/2020
/ Cross-Border Transactions ,
Data Controller ,
Data Processors ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
As many organizations continue to struggle with the fallout from the July 2020 Schrems II decision from the European Court of Justice (“CJEU”), in November, the European Data Protection Board (“EDPB”) published two pieces of...more
12/2/2020
/ Audits ,
Data Transfers ,
Due Diligence ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
Executive Orders ,
FISA ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
While the world anxiously awaited the results of the November 2020 U.S. federal elections, California silently passed California Proposition 24, the California Privacy Rights Act (CPRA). Labeled on the ballot simply as...more
11/13/2020
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Mapping ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Safe Harbors ,
Sensitive Personal Information
On August 14, 2018, the Brazilian government approved the Brazilian General Data Protection Law, known as the Lei Geral de Proteção de Dados Pessoais (“LGPD”). Enforcement was set to begin on August 15, 2020 but then, due to...more
9/11/2020
/ Binding Corporate Rules ,
Brazil ,
Certifications ,
Coronavirus/COVID-19 ,
Data Protection ,
Data Protection Officers (DPOs) ,
Economic Sanctions ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Noncompliance ,
Penalties ,
Personal Data
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
Under the ePrivacy Directive, in conjunction with the GDPR, the use of nonessential cookies (e.g., advertising and analytics) requires an affirmative, opt-in consent.
Pre-ticked check boxes and other defaults that do not...more
10/15/2019
/ Consent ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Data Subjects Rights ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Germany ,
Online Gaming ,
Opt-In ,
Personal Data
...On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of 2019...more
4/11/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Disclosure Requirements ,
Opt-In ,
Personal Data ,
Private Right of Action ,
Proposed Amendments ,
Regulatory Oversight ,
Right to Be Forgotten ,
Third-Party Service Provider
...On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020. Introduced just a week earlier in an effort to defeat a much stricter...more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Right to Be Forgotten ,
State and Local Government
On July 8, 2016, the Article 31 Committee, comprised of representatives of the European Union (EU) member states, voted to approve a revised Privacy Shield framework that is intended to replace the Safe Harbor framework...more
7/14/2016
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Registration Requirement ,
Self-Certification ,
Standard Contractual Clauses ,
Surveillance ,
Third-Party ,
U.S. Commerce Department ,
UK ,
UK Brexit ,
US-EU Safe Harbor Framework
The European Union Article 29 Working Party (Article 29) issued an opinion on the proposed EU-U.S. Privacy Shield framework agreement (Privacy Shield) last month, stating that although the Privacy Shield was a “great step...more
5/3/2016
/ Article 29 Working Party (WP29) ,
Automotive Industry ,
Binding Corporate Rules ,
Data Collection ,
Data Processors ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Policy ,
Standard Contractual Clauses
The European Union Article 29 Working Party (Article 29) issued an opinion on the proposed EU-U.S. Privacy Shield framework agreement (Privacy Shield) last week, stating that although the Privacy Shield was a “great step...more
4/18/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Consent ,
Cyber Incident Reporting ,
Data Breach Plans ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Privacy Policy ,
Sarbanes-Oxley ,
Standard Contractual Clauses ,
Surveillance ,
US-EU Safe Harbor Framework
With the Article 29 Working Party’s position on the adequacy of the EU-U.S. Privacy Shield framework agreement (Privacy Shield) decision expected this week, U.S. businesses should be evaluating privacy options and preparing...more
4/12/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses ,
U.S. Commerce Department
On February 29, 2016, the European Commission released the full text of the new EU-U.S. Privacy Shield framework that will govern the transfer of personal data between the European Union and the United States. The EU and U.S....more
3/3/2016
/ Article 29 Working Party (WP29) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On February 2, the United States and the European Commission reached tentative agreement on a new framework for the transfer of personal data between the European Union and the United States called the EU-U.S. Privacy Shield....more
2/4/2016
/ Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On October 6, 2015, the European Court of Justice — Europe’s highest court — invalidated the Safe Harbor agreement and framework that has permitted more than 4,000 companies to transfer personal data from the EU to the U.S....more
10/7/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Prior Express Consent ,
PRISM Program ,
SCC ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework