The UK Information Commissioner’s Office (ICO) has just published the final form of its much-anticipated new International Data Transfer Agreement (IDTA), along with a separate addendum to the EU SCCs (SCCs Addendum). The...more
Many organizations around the world – and particularly companies in the United States – are directly affected by the EU Court of Justice’s July 2020 Schrems II decision casting doubt on the lawfulness of transferring personal...more
The new standard agreement for service providers (which we’ll refer to as the Controller-Processor SCCs) adopted by the European Commission on June 4th was understandably a bit overshadowed by the release on the same date of...more
The European Commission has adopted (at long last) an updated version of the Standard Contractual Clauses (SCCs), bringing this popular data transfer mechanism in line with the GDPR – and, we hope, the Schrems II decision. ...more
In a solid step forward for EU to UK personal data transfers, the European Commission has published its draft adequacy decision that will (if finally adopted) permit personal data to flow freely from the EU to the UK. As we...more
The new 1,246-page Trade and Cooperation Agreement (TCA) between the United Kingdom and the European Union has ended the suspense over what restrictions will apply to the transfer of personal data between the EU and the UK...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on the lawfulness of...more
Some US companies who do business in the UK are wondering whether they need to update their GDPR notices or take other steps now that the UK has officially left the European Union. The answer is: Not yet. The threat of a...more
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not...more
Despite the overall political uncertainty about Brexit, worries about a sudden stop to personal data transfers from the UK to the US are misplaced, deal or no deal. There is, in fact, a plan, and it’s a reasonable, practical...more
Companies based outside of the European Union sometimes find it challenging to determine whether the General Data Protection Regulation (GDPR) applies to them. And if they finally work out that the GDPR applies, they then...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
The European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged,...more
As was generally expected from informal comments by EU representatives, Privacy Shield has survived its first annual review. Commissioner Jourova stated: “Our first review shows that the Privacy Shield works well, but there...more
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first...more
10/4/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Facebook ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Model Clauses ,
Personally Identifiable Information ,
Standard Contractual Clauses
Even president-elect Donald Trump has been the victim of a data breach. Several times actually. The payment card system for his Trump Hotel Collection was infected by malware in May 2014 and 70,000 credit card numbers were...more
The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii)...more
Does your company rely on Safe Harbor to transfer personal data from Europe to the US? If so, it’s time to think about alternatives to Safe Harbor – and fast....more
9/23/2015
/ Binding Corporate Rules ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
UK ,
US-EU Safe Harbor Framework ,
Young Lawyers
This webinar, the fourth in our Privacy Series, will consider issues faced by US companies who do business in Europe or simply interact with European customers. We will look at how to determine whether EU data protection laws...more
(LONDON) Privacy practitioners from the US and Europe gathered in London on April 30 and May 1 to discuss current thinking about privacy policy, regulation and compliance at the IAPP’s European Data Protection Intensive...more
(LONDON) The European Commission announced yesterday that it is working towards a revised timeline for the adoption of a definitive Data Protection Regulation by the end of 2014.
While Commissioner Viviane Reding’s...more
(LONDON) As widely expected, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted today in favor of a revised, even tougher draft of the Data Protection Regulation that will (if...more
(LONDON) The European Commission recently published a draft “Cybersecurity Directive” which aims to increase the level of preparedness across the EU to deal with threats to network and information security. The Directive...more