A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest installment to cast concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will...more
The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK...more
U.S. companies can now self-certify to permit personal data to freely flow from the Europe to the United States.
U.S. organizations can now self-certify their compliance with the EU-U.S. Data Privacy Framework (DPF) to...more
7/27/2023
/ BCRs ,
Data Integrity ,
Data Privacy ,
Data Security ,
Department of Transportation (DOT) ,
Enforcement ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The guidance outlines how organisations should approach international transfers and confirms examples of supplemental measures that can be adopted to ensure ongoing compliance and seeking to de-mystify earlier...more
6/30/2021
/ Binding Corporate Rules ,
Corporate Counsel ,
EU-US Privacy Shield ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
New Guidance ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK ,
UK GDPR
The European Commission’s decision of 4 June 2021 finalises the new SCCs for transferring personal data from the EEA.
After invalidation of the Privacy Shield by Europe’s top court, many businesses came to rely upon...more
The EDPB has issued recommendations concerning how organisations may lawfully transfer personal data from Europe to “third countries” (e.g., the U.S. and currently the UK from 1.1.2021) in light of the recent Schrems II...more
11/25/2020
/ EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legal Systems ,
New Guidance ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Trans-Atlantic transfer scheme relied on by thousands of EU and U.S. organisations to transfer personal data from the EU to the U.S. deemed invalid by the Court of Justice of the European Union (CJEU).
Privacy Shield has...more
7/17/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
This guide has been compiled to give an overview of the rudimentary legal aspects that should be considered by anyone thinking of establishing a business in the UK. It is aimed at businesses that may already be established in...more
1/27/2020
/ Board of Directors ,
Business Assets ,
Business Development ,
Business Entities ,
Business Formation ,
Capital Formation ,
Capital Gains ,
Corporate Governance ,
Data Breach ,
Data Processors ,
Data Protection ,
Debt Collection ,
Employer Liability Issues ,
Employment Tax ,
Foreign Workers ,
General Data Protection Regulation (GDPR) ,
Insolvency ,
Intellectual Property Protection ,
International Data Transfers ,
Libor ,
Personal Data ,
Privacy Laws ,
Real Estate Transactions ,
Shareholders ,
Startups ,
UK ,
UK Brexit ,
Value-Added Tax (VAT)
How will the new European Union data protection law affect U.S. nonprofit organizations?
Nonprofit organizations based in the U.S. can often handle large amounts of data which originates in the EU—for example, they may...more
4/24/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Nonprofits ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
Websites
The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court.
The Irish High Court has “well-founded” concerns that there is no...more
11/17/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Clauses
A new data protection framework (the GDPR) has been adopted, significantly changing current EU laws. It will take the form of a Regulation and so will be directly applicable in all EU Member States from 25 May 2018. Once in...more
With the August 1st start of the Privacy Shield, the European Commission’s new and long-awaited transatlantic data transfer agreement with the U.S., businesses that had previously relied on the invalidated Safe Harbor scheme...more
8/16/2016
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection Authority ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Contracts ,
Personal Data ,
U.S. Commerce Department ,
US Department of State ,
US-EU Safe Harbor Framework
The final text of the significant new EU General Data Protection Regulation (GDPR) has now been published (4 May 2016) in the Official Journal of the European Union. This means the clock is now ticking for the sweeping new...more
On February 2, 2016, the European Commission and the U.S. Department of Commerce reached an accord on a new transatlantic data transfer protocol. Nicknamed the EU-U.S. Privacy Shield, the framework would replace the...more
The Court of Justice of the European Union (CJEU) has been very busy in recent weeks re-shaping EU privacy laws. In addition to the much-anticipated decision in “Schrems” (Case C-362/14), which essentially rules the US-EU...more
10/29/2015
/ Compliance ,
Cybersecurity ,
Data Protection ,
Debt Collection ,
European Commission ,
European Court of Justice (ECJ) ,
Hungary ,
International Data Transfers ,
Member State ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Sanctions ,
US-EU Safe Harbor Framework
Europe’s top court ruled that U.S. companies relying upon the “Safe Harbor Framework” data sharing regime to maintain information regarding EU citizens is “invalid.” This means that any company relying upon the Safe Harbor...more
10/8/2015
/ Binding Corporate Rules ,
Data Protection ,
European Court of Justice (ECJ) ,
International Data Transfers ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
PRISM Program ,
Privacy Policy ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
In a further push towards “privacy by design,” the Article 29 Working Party, which is made up of representatives from the various EU data protection authorities, has recently approved the use of Binding Corporate Rules...more