Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
As more and more states enact laws that mirror aspects of GDPR, and as companies begin to get used to the EU’s new standard contractual clauses, now may be a good opportunity for a refresh on data sharing agreements. As most...more
In a significant milestone for EU-U.S. cross-border transfers of personal data under Article 45 of the General Data Protection Regulation (GDPR), the European Commission adopted an adequacy decision for the new EU-U.S. Data...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
The European Union limits the transfer of EU personal data to countries whose privacy regimens are not deemed “adequate,” like the United States. American companies have tended to rely upon Standard Contractual Clauses (SCC)...more
The European Commission’s long-awaited updates to the Standard Contractual Clauses (“SCCs”) have arrived. Data protection lawyers globally have eagerly anticipated these changes, which are necessary to address a legal...more
The European Commission’s decision of 4 June 2021 finalises the new SCCs for transferring personal data from the EEA. After invalidation of the Privacy Shield by Europe’s top court, many businesses came to rely upon...more
On June 4, 2021, the European Commission announced the definitive adoption and publication of revamped Standard Contractual Clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the EU General Data...more
The last few years have witnessed remarkable changes in the privacy world. The GDPR, the CCPA, the invalidation of the EU-US Privacy Shield framework and the related obligations resulting from the Schrems II decision - to...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
Even though the General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, its application to U.S.-based employers continues to evolve and increase in complexity. For U.S. employers of European Union (“EU”)...more
Keypoint: The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to...more
On July 16, 2020, the Grand Chamber of the Court of Justice of the European Union (CJEU) in Luxembourg handed down its highly anticipated judgment in a case brought by privacy activist Max Schrems (C-311/18, Data Protection...more
Today (July 16) Europe’s highest court, the Court of Justice of the European Union (CJEU), in the case of Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II) invalidated the EU–U.S. Privacy...more
The Situation: The Court of Justice of the European Union ("CJEU") has ruled that international data flows under the European Union's comprehensive data protection regime, the GDPR, can continue to be based on EU Standard...more
BREXIT: DEAL OR NO-DEAL? DATA IS THE QUESTION - With the Brexit deadline looming ahead on 31 October 2019, the situation seemingly reaches new levels of uncertainty every day. Last week, the U.K. Supreme Court’s eleven...more
Editor’s Note: Strictly speaking, this blog post isn’t really about human resources management or employment law. But it might be; the GDPR is vaguely written and it is not at all clear how it will be applied in relation to...more
On December 6, 2017, the European Union’s Article 29 Working Party released two sets of guidelines on Binding Corporate Rules (“BCRs”) it had adopted a week earlier. BCRs are internal rules that define a group of companies’...more
The EU’s Article 29 Working Party (WP29) held a plenary meeting in early December 2016. At the meeting, the WP29 adopted guidelines and issued FAQs relating to the EU General Data Protection Regulation’s (GDPR’s) provisions...more
Notice Requirements - The Privacy Shield notice requirements are more specific and detailed than what was required by the Safe Harbor regime. Safe Harbor required a privacy policy to provide information on data...more
The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for the national data-protection laws in each EU member state. The Directive states that personal data may only be transferred to...more
In April 2016, the European Union adopted new legislation on data protection. The part relevant to private enterprises (EU Regulation 2016/679) is known as the General Data Protection Regulation or “GDPR.” The GDPR is subject...more
More than 5,000 companies had taken advantage of the now defunct U.S.-EU Safe Harbor Framework. Those companies are now considering whether to join the newly approved “Privacy Shield,” and are trying to understand the...more
As a follow up to a previous blog post, as anticipated, the European Commission released the framework for the EU-US Privacy Shield, which replaces the invalidated transatlantic Safe Harbor Program, a system that had...more