Deadline to adopt EU Standard Contractual Clauses -
Many organizations uses the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from the European Economic Area (EEA) to other...more
10/6/2022
/ Breach of Contract ,
Data Transfers ,
Disclosure Requirements ,
Economic Sanctions ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
National Security ,
New Guidance ,
Personal Data ,
Risk Assessment ,
SCC ,
Schrems I & Schrems II
The UK Information Commissioner’s Office (ICO) has just published the final form of its much-anticipated new International Data Transfer Agreement (IDTA), along with a separate addendum to the EU SCCs (SCCs Addendum). The...more
The United Kingdom has been busy in the past couple of weeks starting to chart its independent course on data protection and privacy matters. We should keep in mind, however, that some of the more dramatic announcements...more
Many organizations around the world – and particularly companies in the United States – are directly affected by the EU Court of Justice’s July 2020 Schrems II decision casting doubt on the lawfulness of transferring personal...more
The European Commission has adopted (at long last) an updated version of the Standard Contractual Clauses (SCCs), bringing this popular data transfer mechanism in line with the GDPR – and, we hope, the Schrems II decision. ...more
In a solid step forward for EU to UK personal data transfers, the European Commission has published its draft adequacy decision that will (if finally adopted) permit personal data to flow freely from the EU to the UK. As we...more
The new 1,246-page Trade and Cooperation Agreement (TCA) between the United Kingdom and the European Union has ended the suspense over what restrictions will apply to the transfer of personal data between the EU and the UK...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
11/16/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on the lawfulness of...more
Organizations that transfer personal data from the European Union on the basis of the EU Commission-approved Standard Contractual Clauses (SCCs) may be breathing a sigh of relief on hearing that the SCCs have been upheld by...more
7/16/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Does your organization transfer personal data from the European Union to the US? If so, keep an eye out for a key decision on July 16 from the EU’s top court, the Court of Justice of the European Union. The Schrems II case...more
7/9/2020
/ Advocate General ,
Binding Corporate Rules ,
Corporate Counsel ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
Companies with employees in multiple European locations may well be feeling challenged both in keeping up with public health-driven guidance – and more recently, mandates – relating to the SARS-COV2 risks in the workplace. ...more
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not...more
Despite the overall political uncertainty about Brexit, worries about a sudden stop to personal data transfers from the UK to the US are misplaced, deal or no deal. There is, in fact, a plan, and it’s a reasonable, practical...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
The European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged,...more
One of the most striking changes to EU privacy law under the EU’s General Data Protection Regulation (which goes into effect May 25, 2018) is the very strict approach to user consent. For many years, companies operating in...more
12/19/2017
/ Article 29 Working Party (WP29) ,
Consent ,
Corporate Counsel ,
Data Controller ,
Data Protection ,
Direct Marketing ,
Draft Guidance ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Public Comment ,
Young Lawyers
Spoiler Alert: Behavioral advertising companies will find some bad news in the guidance.
The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European...more
10/25/2017
/ Article 29 Working Party (WP29) ,
Automated Systems ,
Behavioral Advertising ,
Data Processing Rules ,
Data Processors ,
Data Profiling ,
Decision-Making Process ,
Draft Guidance ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Personal Data ,
Public Comment
Many companies have started the potentially lengthy process of auditing their service provider contracts to make sure that they comply with the requirements of the General Data Protection Regulation, which comes into force on...more
9/14/2017
/ Contract Terms ,
Data Controller ,
Data Protection ,
Draft Guidance ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Internal Audit Functions ,
Personal Data ,
UK
The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot to consider. One crucial...more
I. Introduction: Privacy Shield to Go Live August 1 (at Last) -
The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
7/25/2016
/ Consent ,
Data Protection Authority ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Notice Requirements ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The EU Commission has formally adopted Privacy Shield and the US Department of Commerce will go live with a new Privacy Shield registration website on August 1. US companies that had been registered under Safe Harbor will...more
7/12/2016
/ Data Protection ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Registration Requirement ,
Self-Certification ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
US companies and policy makers will no doubt spend a good chunk of the day today considering the possible implications for them of yesterday’s UK vote for Brexit. Mark Carney, Governor of the Bank of England, has issued a...more
Carrie,
A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded. Well, we hit a...more
6/2/2016
/ Breach Notification Rule ,
Customer Lists ,
Data Breach ,
Data Security ,
Employer Liability Issues ,
Encryption ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Laptop Computers ,
Personal Data ,
UK
The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law. The Act, which we covered in an earlier blog post, gives citizens of foreign countries the same rights as US...more