The United Kingdom has been busy in the past couple of weeks starting to chart its independent course on data protection and privacy matters. We should keep in mind, however, that some of the more dramatic announcements...more
Companies based outside of the European Union sometimes find it challenging to determine whether the General Data Protection Regulation (GDPR) applies to them. And if they finally work out that the GDPR applies, they then...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
The European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged,...more
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first...more
10/4/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Facebook ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Model Clauses ,
Personally Identifiable Information ,
Standard Contractual Clauses
Even president-elect Donald Trump has been the victim of a data breach. Several times actually. The payment card system for his Trump Hotel Collection was infected by malware in May 2014 and 70,000 credit card numbers were...more
While it’s making few headlines, the European Commission is still working to finalize Privacy Shield, and it’s even possible that Privacy Shield will pass a key hurdle by the end of this month. The Commission is still...more
Carrie,
A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded. Well, we hit a...more
6/2/2016
/ Breach Notification Rule ,
Customer Lists ,
Data Breach ,
Data Security ,
Employer Liability Issues ,
Encryption ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Laptop Computers ,
Personal Data ,
UK
There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially...more
1/29/2016
/ Binding Corporate Rules ,
Corporate Counsel ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework ,
Young Lawyers
As expected, on December 17, 2015, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted to adopt the new General Data Protection Regulation. A LIBE press release announced the...more
The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15. One might assume based on UK media coverage that the biggest change in EU privacy law is that kids...more
The EU has announced that the Commission, Parliament and Council have reached agreement on the final shape of the General Data Protection Regulation. The official version will be available early in 2016, but we will be...more
EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a...more
10/28/2015
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Enforcement ,
EU ,
EU Data Protection Laws ,
European Commission ,
Facebook ,
Germany ,
Google ,
International Data Transfers ,
LIBE ,
Model Contracts ,
National Security Agency (NSA) ,
Personal Data ,
SCC ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework
The EU Parliament committee that is charged with considering data protection matters (LIBE) has issued a press release calling on the European Commission to take action before the end of 2015 to come up with alternatives to...more
10/14/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
LIBE ,
National Security Agency (NSA) ,
Personal Data ,
Prior Express Consent ,
SCC ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework
As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at curia.europa.eu by searching on...more
10/6/2015
/ Binding Corporate Rules ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Prior Express Consent ,
US-EU Safe Harbor Framework
The initial reports of the ECJ’s decision in the Schrems Safe Harbor case (C-362/14) indicate that the Court of Justice of the EU has declared Safe Harbor invalid and sent the case back to the Irish Data Protection Authority...more
10/6/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
Prior Express Consent ,
PRISM Program ,
UK ,
US-EU Safe Harbor Framework
The European Court of Justice (ECJ) has announced that it will release its decision in the Schrems Safe Harbor case on Tuesday, October 6. It is highly unusual for the ECJ to issue a decision so quickly after publication of...more
Does your company rely on Safe Harbor to transfer personal data from Europe to the US? If so, it’s time to think about alternatives to Safe Harbor – and fast....more
9/23/2015
/ Binding Corporate Rules ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
UK ,
US-EU Safe Harbor Framework ,
Young Lawyers
As EU data protection watchers know, the draft General Data Protection Regulation (which has been around long enough to be universally referred to by its acronym, GDPR) exists in three major versions, with a fourth version...more
On this Privacy Tuesday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over. Happy spring!...more
This webinar, the fourth in our Privacy Series, will consider issues faced by US companies who do business in Europe or simply interact with European customers. We will look at how to determine whether EU data protection laws...more
When small and mid-size companies start expanding their apps or web presence into Europe, they need to start thinking about EU data protection laws. It’s tempting to take a look at what one or two of the “big guys” do about...more
Welcome to our series, “The 12 Days of Privacy” as we look to “gifts” that may be received this season and some of the big issues ahead...more
In the Google Spain “Right to be Forgotten” case, the ECJ held that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis that the information is no...more
Although no major legislative milestones for the EU Data Protection Regulation have occurred since March 2014 (see status update here), there has been some progress over the late spring and early summer of 2014. One key item...more