2023 is shaping up to be a landmark year for data privacy, on both sides of the Atlantic. In the US, four new state laws go into effect – two on July 1 – while California is expanding its already robust requirements, and...more
7/18/2023
/ Artificial Intelligence ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Corporate Counsel ,
Data Mapping ,
Data Privacy ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Geolocation ,
Information Reports ,
International Data Transfers ,
Privacy Framework ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Oversight ,
State Privacy Laws ,
Strategic Planning ,
Surveys ,
UK ,
UK Data Protection Act
On July 10, 2023, the EU Commission approved the EU-U.S. Data Privacy Framework (“EU-US DPF”) as a valid transfer mechanism for sharing personal data from European Economic Area countries (those in the EU plus Iceland,...more
7/13/2023
/ Adequacy Requirement ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Framework Agreement ,
Iceland ,
International Data Transfers ,
Liechtenstein ,
Norway ,
Popular ,
Self-Certification ,
Switzerland ,
UK
Hell hath no fury like a bureaucracy scorned. Do you know a person who insists on having his own way all the time and who wants to control your relationships with others? I hope not, but many of us do....more
Top 3 Takeaways -
On Friday, June 4, 2021, the European Commission adopted two sets of standard contractual clauses, one for use between controllers and processors and one for the transfer of personal data to “third...more
Just when you thought it was safe to send your data across the water, the distinctive dorsal fin of Schrems II breaks the surface.
The EU, who can barely be convinced that the UK’s data privacy law is “adequate” despite...more
Stephanie Lambert, Chief Compliance Counsel with NetScout Systems, Inc., and Womble Bond Dickinson partner and veteran cyber attorney Ted Claypoole talk with host and business litigator, Mark Henriques, about the current...more
3/22/2021
/ Antitrust Provisions ,
Chief Compliance Officers ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Storage ,
Information Governance ,
International Data Transfers ,
Privacy Laws ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Technology Sector
The movement to localize some or all of internet data has grown over the past five years as countries introduce new laws restricting data flows, and others try to boost local businesses by placing burdens on international...more
2/23/2021
/ Algorithms ,
Authoritarian Regimes ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Localization Law ,
EU-US Privacy Shield ,
Foreign Relations ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Concerns ,
Schrems I & Schrems II ,
Surveillance ,
Technology Sector
Stung by Brexit and set adrift by a neglectful U.S. foreign policy, the European Union has started to explore new ways of breaking away from the rest of the world, including taking steps to cordon EU data into locally managed...more
12/4/2020
/ Cybersecurity ,
Data Collection ,
Data Localization Law ,
Data Privacy ,
E-Commerce ,
First Amendment ,
Foreign Policy ,
Free Speech ,
International Data Transfers ,
Internet ,
New Regulations ,
UK Brexit
Meet the Euro-crats who think that the European Union needs to behave more like Russia and China.
More like Nigeria, Kazakhstan, and Indonesia.
These leaders are pushing not just to punish U.S. firms for successfully...more
The world just received the newest pronouncement from the EU Court of Justice, in a decision known as Schrems II, and the legal opinion extends the data war declared on the United States in the first Schrems decision....more
8/12/2020
/ Contract Terms ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
International Data Transfers ,
National Security ,
Personal Data ,
Standard Contractual Clauses ,
UK Brexit
Today, July 16, 2020, the EU’s top court, the Court of Justice of the European Union (CJEU), issued its highly anticipated decision in the Schrems II case. In doing so, CJEU has invalidated the EU-US Privacy Shield Framework...more
If your company holds or collects data in the US, the UK and elsewhere in the EU, you should be mapping out how data flows through those jurisdictions in anticipation of the UK “crashing out” of the European Union in October,...more
One of the EU’s chief complaints against US privacy practices is the lack of enforcement of the EU-U.S. Privacy Shield Framework (Privacy Shield). Last week we saw a US enforcement action that may allay this concern. The US...more
Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield...more
3/19/2019
/ Corporate Counsel ,
Data Protection ,
Data Protection Authority ,
EU-US Privacy Shield ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Privacy Policy ,
Swiss Privacy Shield ,
UK Brexit ,
Withdrawal Agreement
Were the Beatles still recording today, they might have to add this verse to Taxman. As what will surely be the opening salvo in government efforts to find ways to recapture the value of the personal data upon which so much...more
Throughout history, people have waged sectarian fights to protect their beliefs. The Europeans, sitting at a crossroads of two major religions charged with converting the unenlightened, have a particularly combative...more
8/16/2018
/ Cybersecurity ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
5/3/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
Follow our three-question flowchart to answer the question: “Does GDPR Apply to You?” If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies.
Follow our...more
On January 11, 2017, the Swiss Federal Council announced that a new framework will govern the transfer of personal data from Switzerland to the US. According to the Federal Council, the Swiss-US Privacy Shield Framework...more
After months of uncertainty, the U.S. again has a framework of rules to follow that will govern U.S. business’ use of EU residents’ data. The European Commission approved the text of the EU-U.S. Privacy Shield (the “Privacy...more
7/14/2016
/ EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ombudsman ,
Opt-Outs ,
Personal Data ,
Schrems I & Schrems II ,
Surveillance ,
Third-Party Agents ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
European privacy law is a bold new world for U.S. businesses doing business in Europe. An October Court of Justice ruling struck down the Safe Harbor arrangement which had governed E.U.-U.S. data transfer transactions for...more
6/8/2016
/ Binding Corporate Rules ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
International Data Transfers ,
Personal Data ,
Right to Be Forgotten ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The U.S. and EU are one step closer to implementing the new EU-U.S. Privacy Shield. On March 1, 2016, the European Commission and U.S. Department of Commerce announced the release of the legal texts that will put in place...more
The U.S. and E.U. are one step closer to entering into a new data transfer agreement. On February 24, 2016, President Barack Obama signed into legislation the Judicial Redress Act, giving citizens of certain allied countries,...more
United States and European Union officials have reached a last-minute agreement in an attempt to salvage the US-EU Data Transfer Safe Harbor, nearly four months after the European Court of Justice issued an opinion...more
2/4/2016
/ Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Schrems I & Schrems II ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework