NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Hogan Lovells and Privacy Laws & Business have submitted a joint memorandum to data protection leaders in the EU and the UK advocating for a common framework for Binding Corporate Rules (BCR). The memorandum, submitted to the...more
More, possibly similar decisions are expected in the coming months, throwing cross-Atlantic data transfers and trade into doubt as diplomats seek a Privacy Shield replacement. In late December, the Austrian Data...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
News sources reported this month that the Irish data protection authority (DPA) had sent Facebook a preliminary order that would prohibit the transfer of information about European Union (EU) residents to US Facebook users....more
The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...more
McDermott Will & Emery, in partnership with Ankura is hosting an in depth webinar to discuss the complexity of global data transfer post-GDPR. Having analysed the marketplace trends and delivered BCR projects, our panel...more
On July 9, 2019, the European Court of Justice (ECJ)—the highest court of the European Union—will hear oral arguments in the Schrems 2.0 case relating to the validity of two key data transfer mechanisms: the Standard...more
Why does this topic matter to organisations? In today's world, it is increasingly important to be able to move data freely to wherever those data are needed. However, the transfer of personal data to recipients outside the...more
The implementation of the European Union (EU)’s General Data Protection Regulation (GDPR) has raised a number of questions as to how best to approach cross-border discovery. Friction between legal holds and the “right of...more
The Situation: The European Court of Justice ("ECJ") is to rule on the validity of EU Standard Contractual Clauses used by companies to transfer personal data outside of the European Union, at the request of Ireland's High...more
The validity of Model Clauses for EU personal data transfer to the United States is now in real doubt as a result of a new Irish High Court opinion stating that there are “well founded grounds” to find the Model Clauses...more
Binding Corporate Rules (BCRs) are an intracompany code of conduct that regulates the principles and rules that apply to the processing and transfer of personal data within a company group, including cross-border. BCRs were...more
With the August 1st start of the Privacy Shield, the European Commission’s new and long-awaited transatlantic data transfer agreement with the U.S., businesses that had previously relied on the invalidated Safe Harbor scheme...more
Article 29 Working Party on the EU-US Privacy Shield: The EU’s Article 29 Working Party analyzed the final version of the Privacy Shield and issued a statement on July 26, 2016. What does this mean?...more
The Article 29 Working Party (WP29) has released a brief updated statement on the final form of the Privacy Shield adequacy decision and supporting annexes. WP29 is an important advisory group made up of representatives of...more
When the European Court of Justice first invalidated the Safe Harbor we recommended here that, for most companies, staying the course by implementing general data security best practices was probably the right thing to do...more
Following the formal approval of the EU-U.S. Privacy Shield by the European Commission on 8 July 2016, the arrangement will come into force in the U.S. commencing 1 August 2016 and will provide a convenient framework to allow...more
On July 8, 2016, the Article 31 Committee, comprised of representatives of the European Union (EU) member states, voted to approve a revised Privacy Shield framework that is intended to replace the Safe Harbor framework...more
On July 12, 2016, the EU Commission and the U.S. Secretary of Commerce announced the adoption of the EU-U.S. Privacy Shield (Privacy Shield). This announcement follows today's adequacy decision by the College of EU...more
The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision. On June 6, the Hamburg DPA announced that it had...more
The EU General Data Protection Regulation (the “GDPR”) was adopted by the EU Parliament last April 14, 2016. The GDPR will replace the EU Data Protection Directive (95/46/EC), which was implemented more than 20 years ago....more
As we previously reported, this February, United States (U.S.) and European Union (EU) negotiators announced the “U.S.-EU Privacy Shield” as a replacement to the U.S. Safe Harbor. Many U.S. companies relied on the Safe Harbor...more
With the Article 29 Working Party’s position on the adequacy of the EU-U.S. Privacy Shield framework agreement (Privacy Shield) decision expected this week, U.S. businesses should be evaluating privacy options and preparing...more
On February 29, 2016, the European Commission (“EC”) and the U.S. Department of Commerce (“Commerce”) released the long-awaited text of the European Union (“EU”) – United States (“U.S.”) Privacy Shield, an...more
The new EU-US Privacy Shield seeks to address the European Court of Justice’s criticisms in Schrems after the decision invalidated the Safe Harbor program for EU-US data transfers. On February 29, the EU Commission...more