On October 18, the Article 29 Working Party released its draft of “Guidelines on Personal data breach notification under Regulation 2016/679” (“Guidelines on Personal data breach notification,” WP250). The guidelines are not...more
On October 18, the Article 29 Working Party released its draft of “ Guidelines on Automated individual decision-making and Profiling for the Purpose of Regulation 2016/679” (“Guidelines on Automated individual decision-making...more
On October 18, 2017, the EU Commission (“Commission”) published its report and other working documents (“Report”) on its first annual review of the EU-US Privacy Shield Framework (“Privacy Shield”). The Report summarizes that...more
The UK government has taken an additional step in its attempts to find a way to ensure uninterrupted data flows between the UK and the EU after Brexit. On 13 September 2017, the UK government introduced a draft Data...more
The European Data Protection Supervisor (EDPS) has recommended further changes to the proposed ePrivacy Regulation that would have significant impacts on the electronic communication sector and other online companies. In a...more
The EU General Data Protection Regulation’s (GDPR) requirements are coming into focus quickly as EU data protection authorities continue to issue guidance on different aspects of the law. On April 4, 2017, the Article 29...more
The UK Information Commissioner’s Office (ICO) continues to play an active role in shaping data protection law in the EU, notwithstanding the UK’s decision to leave the EU in the aftermath of Brexit. On April 6, 2017, the ICO...more
While companies prepare for the EU General Data Protection Regulation (GDPR) to take effect in May 2018, another highly significant item on the agenda is arguably the current review process of the proposal for a Regulation on...more
On January 10, 2017, the European Commission presented its proposal for a Regulation on Privacy and Electronic Communications (the “Proposed Regulation”). The Proposed Regulation would repeal and replace Directive 2002/58/EC...more
On December 21, 2016, the Grand Chamber of the Court of Justice of the European Union handed down another important judgment regarding data privacy in the European Union. The court held that under the Charter on Fundamental...more
The EU’s Article 29 Working Party (WP29) held a plenary meeting in early December 2016. At the meeting, the WP29 adopted guidelines and issued FAQs relating to the EU General Data Protection Regulation’s (GDPR’s) provisions...more
As we wait for the UK to decide what arrangement it will seek with the European Union (the "EU") when it leaves, it may be useful to focus on what Brexit may mean for data protection.
Two months after the European...more
The Privacy Shield framework is a voluntary program that provides companies with a mechanism for complying with EU data protection requirements when transferring personal data from the EU to the US. The framework is open to...more
The European Commission formally adopted the EU-US Privacy Shield on July 12, 2016, ending months of legal uncertainty with a new framework for governing transatlantic data transfers after the Privacy Safe Harbor framework...more
7/13/2016
/ Data Protection Authority ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Privacy Policy ,
Self-Certification ,
Surveillance ,
Third-Party ,
U.S. Commerce Department
On Monday, February 29th, the European Commission and U.S. Department of Commerce released a collection of documents summarizing actions taken on both sides of the Atlantic to implement the new Privacy Shield framework. This...more
3/2/2016
/ Article 29 Working Group ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Self-Certification ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On December 15, 2015, the European Union reached an agreement on the final text of the new General Data Protection Regulation. The Regulation will replace the 1995 Data Protection Directive, which is currently the basis for...more
In a landmark judgment in Schrems v Data Protection Commissioner (C-362/14) (October 6, 2015) (“Safe Harbor judgment”), the European Court of Justice (“ECJ”) found the Safe Harbor Decision of the European Commission...more