It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II. Many have been wondering “what’s next”? Will there be a replacement framework? When will that be...more
Starting this fall, companies transferring personal data from the European Economic Area (EEA) will likely begin to see a flurry of contract renegotiations. On June 4, 2021, the European Commission adopted long awaited new...more
6/17/2021
/ Cross-Border ,
Data Security ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The FTC recently settled with Flo Health, Inc., a popular fertility-tracking app, based on promises made about how health data would be shared. In its complaint, the FTC alleged that while Flo promised to keep users’ health...more
Companies who transfer data from the EU to the U.S. are struggling to determine the appropriate basis under which they can make these transfers. Continuing our examination of the outcome of this decision, we think now about...more
U.S. companies are in a bind in the wake of the recent EU decision rejecting the validity of the Privacy Shield. While it is clear that the EU will not accept Privacy Shield participation as a basis for transferring data from...more
On July 16, 2020, in the case colloquially known as “Schrems II,” the Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield, finding it an invalid mechanism for transferring data from the EU to...more
The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming...more
3/5/2020
/ Annual Reports ,
Comment Period ,
COPPA ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Enforcement Statistics ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
NIST ,
Rulemaking Process
Many organizations are currently focused on updating their privacy policy to include content required by CCPA. While making those edits, now is a good time to take a step back and think more broadly about privacy program and...more
The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to...more