In late 2015, the European Court of Justice (ECJ) issued its initial Schrems decision, invalidating the EU/US Safe Harbor and leading to important developments in the rules for transferring personal data from the EU to the...more
About this time last January, the European Parliament released its proposal for a new ePrivacy Regulation. The intent of the ePrivacy Regulation is to replace the current ePrivacy regime – which consists of an ePrivacy...more
Last year, Germany became the first EU member state to pass legislation implementing the EU’s General Data Protection Regulation (GDPR). For companies, national GDPR implementing legislation can be significant....more
On November 16, 2017, the Belgian Senate adopted an “Act on the Establishment of the Data Protection Authority.” Following Austria, Germany, and the UK, Belgium is the fourth EU member state to pass a domestic statute...more
In October of last year, we reported that digital rights advocacy group Digital Rights Ireland (“DRI”) had brought an action to annul the EU-U.S. Privacy Shield. DRI filed its challenge before the General Court of the...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
This is Part 2 of a two-part English-language overview of Germany’s recently passed new version of the Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG)—the BDSG-New, which implements the EU General Data...more
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection...more
Recent media reports indicated that Germany was considering legislation that would fine social networks for failing to combat fake news and hate speech. Today, German Justice Minister Heiko Maas introduced a “Draft Law to...more
On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before the drafting of a new bill implementing the General Data Protection Regulation (“GDPR”). The press release...more
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (GDPR). This is part one of a three-part Alston &...more
Most privacy professionals are familiar with the European Court of Justice’s 2015 Schrems decision, which struck down the US-EU Safe Harbor mechanism. One lesser-discussed aspect of the ECJ’s decision related to the powers...more
Late last week, 10 of Germany’s 17 Data Protection Authorities (DPAs) announced they are planning to send written questionnaires to approximately 500 different companies regarding international data transfers. The following...more
Today, the European Court of Justice (ECJ) issued its long-awaited decision in Breyer v. Germany. Breyer addresses the question of whether IP addresses are “personal data” for purposes of EU data protection law. As is...more
On June 7, 2016, the European Commission adopted the US-EU Privacy Shield. Companies that self-certify under Privacy Shield with the US Department of Commerce – dubbed “Privacy Shield organizations” – are thus officially...more
Just under a year ago today, the European Court of Justice (ECJ) issued its Schrems decision, which invalidated Safe Harbor and led to substantial developments in US-EU data-transfer mechanisms. In parallel to the ECJ Safe...more
On May 25, 2018, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of processing...more
Even before the ECJ’s Schrems decision invalidated Safe Harbor, the European Commission had begun working closely with US negotiators to craft what has become the U.S.-EU Privacy Shield. While EU privacy leaders have noted...more
Just over two weeks ago, the European Commission formally adopted the US-EU Privacy Shield. As part of making Privacy Shield accessible to EU residents, the Commission has long planned to issue a “Citizen’s Guide” to the...more
Today, the European Commission (“EU Commission”) formally approved a new transatlantic framework for the transfer of personal data from Europe to the United States (“U.S.”) (the “Privacy Shield”). Under the EU Commission’s...more
One of the most important EU legislative initiatives in recent years, and a landmark in privacy regulation worldwide, the GDPR is set to replace the Data Protection Directive (95/46/EC) of 1995. After the Council of...more
Last week, we reported that the Council of Ministers accelerated the timetable for passage of the General Data Protection Regulation (GDPR). The European Parliament followed suit and approved the GDPR this morning. As a...more
On April 13, 2016, the Article 29 Working Party (“Art. 29 WP”) held a press conference at which it presented its forthcoming opinion on the adequacy of the US-EU Privacy Shield....more