The European Commission has published its long-awaited draft of the new EU-US Data Privacy Framework, available here. The Data Privacy Framework will replace the Privacy Shield decision that was invalidated in July 2020 by...more
Do you transfer or receive personal data from the United Kingdom? If so, there are some important developments in the UK to factor into your data protection compliance program. In a major change of policy, some organizations...more
The UK Information Commissioner’s Office (ICO) has just published the final form of its much-anticipated new International Data Transfer Agreement (IDTA), along with a separate addendum to the EU SCCs (SCCs Addendum). The...more
Out with the old EU Standard Contractual Clauses (as of September 27th) -
Organizations that use the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from the European...more
The United Kingdom has been busy in the past couple of weeks starting to chart its independent course on data protection and privacy matters. We should keep in mind, however, that some of the more dramatic announcements...more
Many organizations around the world – and particularly companies in the United States – are directly affected by the EU Court of Justice’s July 2020 Schrems II decision casting doubt on the lawfulness of transferring personal...more
The new standard agreement for service providers (which we’ll refer to as the Controller-Processor SCCs) adopted by the European Commission on June 4th was understandably a bit overshadowed by the release on the same date of...more
The European Commission has adopted (at long last) an updated version of the Standard Contractual Clauses (SCCs), bringing this popular data transfer mechanism in line with the GDPR – and, we hope, the Schrems II decision. ...more
In a solid step forward for EU to UK personal data transfers, the European Commission has published its draft adequacy decision that will (if finally adopted) permit personal data to flow freely from the EU to the UK. As we...more
The new 1,246-page Trade and Cooperation Agreement (TCA) between the United Kingdom and the European Union has ended the suspense over what restrictions will apply to the transfer of personal data between the EU and the UK...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on the lawfulness of...more
Organizations that transfer personal data from the European Union on the basis of the EU Commission-approved Standard Contractual Clauses (SCCs) may be breathing a sigh of relief on hearing that the SCCs have been upheld by...more
7/16/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Does your organization transfer personal data from the European Union to the US? If so, keep an eye out for a key decision on July 16 from the EU’s top court, the Court of Justice of the European Union. The Schrems II case...more
7/9/2020
/ Advocate General ,
Binding Corporate Rules ,
Corporate Counsel ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
Some US companies who do business in the UK are wondering whether they need to update their GDPR notices or take other steps now that the UK has officially left the European Union. The answer is: Not yet. The threat of a...more
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
The European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged,...more
As was generally expected from informal comments by EU representatives, Privacy Shield has survived its first annual review. Commissioner Jourova stated: “Our first review shows that the Privacy Shield works well, but there...more
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first...more
10/4/2017
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Facebook ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Model Clauses ,
Personally Identifiable Information ,
Standard Contractual Clauses
The Article 29 Working Party (WP29) has released a brief updated statement on the final form of the Privacy Shield adequacy decision and supporting annexes. WP29 is an important advisory group made up of representatives of...more
I. Introduction: Privacy Shield to Go Live August 1 (at Last) -
The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
7/25/2016
/ Consent ,
Data Protection Authority ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Notice Requirements ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The EU Commission has formally adopted Privacy Shield and the US Department of Commerce will go live with a new Privacy Shield registration website on August 1. US companies that had been registered under Safe Harbor will...more
7/12/2016
/ Data Protection ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Registration Requirement ,
Self-Certification ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The final version of Privacy Shield (which has not yet been officially published) passed the Article 31 Committee vote on July 8th and is being presented on July 11th to the LIBE committee of the European Parliament. LIBE’s...more
US companies and policy makers will no doubt spend a good chunk of the day today considering the possible implications for them of yesterday’s UK vote for Brexit. Mark Carney, Governor of the Bank of England, has issued a...more