The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
Hogan Lovells and Privacy Laws & Business have submitted a joint memorandum to data protection leaders in the EU and the UK advocating for a common framework for Binding Corporate Rules (BCR). The memorandum, submitted to the...more
The Data Protection Authority (“DPA”) of the German state Hamburg is one of the first European DPA to publish an optimistic assessment on the U.S. Executive Order on “Enhancing Safeguards for United States Signals...more
The European Commission (EC) has proactively reached out to the Dutch Data Protection Authority (DPA) to criticize its interpretation of legitimate interest under the GDPR. The criticism is in response to enforcement actions...more
While the announcement is short on details, once in place, U.S.-based. entities will be able to use the new agreement to comply with the GDPR’s cross-border data transfer requirements. On March 25, the U.S. and E.U....more
On 23 February 2022, Margrethe Vestager (European Commission’s Executive Vice President for a Europe fit for the Digital Age) unveiled proposals for the EU’s latest legislative development, the EU Data Act. Originally...more
Hell hath no fury like a bureaucracy scorned. Do you know a person who insists on having his own way all the time and who wants to control your relationships with others? I hope not, but many of us do....more
On 18 June 2021, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued a joint opinion on the European Union’s proposed AI Regulation, which was announced earlier this year....more
News sources reported this month that the Irish data protection authority (DPA) had sent Facebook a preliminary order that would prohibit the transfer of information about European Union (EU) residents to US Facebook users....more
On September 3, 2020, The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee), met to discuss the future of future of EU-US personal data flows following the Schrems II decision. In...more
Two updates that companies may find helpful regarding standard contractual clauses for cross-border transfers of personal data post invalidation of the EU-US Privacy Shield program....more
•The Bailiwick of Guernsey’s Office of Data Protection Authority has stated its position on #SchremsII: You must invest resources into ensuring appropriate safeguards are in place. •Identify if you have been relying on the...more
On July 16, 2020, Europe’s Court of Justice issued a much-anticipated judgment on the validity of Decision 2016/1250 on the adequacy of the EU-US Data Protection Shield (the “US/EU Privacy Shield”) and Decision 2010/87 on...more
On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case...more
On July 16, 2020, the Court of Justice of the European Union delivered its decision in Data Protection Commissioner v. Facebook Ireland Ltd. and Maximillian Schrems, which invalidated EU Commission Decision 2016/1250 (the...more
The Court of Justice of the European Union (CJEU) issued a long awaited opinion yesterday (July 16, 2020) in Data Protection Commissioner v. Schrems1 finding the EU-U.S. Privacy Shield inadequate for lawfully transferring the...more
The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...more
The European Court of Justice (CJEU) published its highly anticipated judgement in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”. There...more
In a landmark opinion issued on July 16, 2020, the European Court of Justice overturned the EU-U.S. Privacy Shield, less than four years after the European Commission decision that the privacy principles of the EU-U.S....more
Decision of the Court of Justice of the European Union - On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its judgment in the so-called “Schrems II” case. ...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - Cybersecurity Standards Issued for Government Contractors - On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to...more
On October 23, 2019, the European Commission published its report after its third annual review on the functioning of the EU-U.S. Privacy Shield. The Privacy Shield, which became operational in August 2016, details procedures...more
The European Commission expects the U.S. Department of Commerce (DoC) to request from companies evidence of the privacy provisions of the relevant contracts with third parties to assess compliance with the onward transfer...more
The EU Commission issued today a “Communication to the European Parliament and the Council” which is entitled “Data protection rules as a trust enabler in the EU and beyond- taking stock”, which outlines the current state of...more