No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Life With GDPR - Data Transfer Update
Life with GDPR - Data Transfers from EU/UK to US
Everything Compliance - The Elon Etc Edition
Interview With Ayesha Minhaj, Google - Digital Planning Podcast
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Ireland’s Data Protection Commission has fined Meta €1.2 billion. What, however, did the commission say in the case about using Art 49 derogations for transfers to the U.S.? An overview: I will discuss the Meta decision...more
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
The GDPR allows individuals to request information about the “recipients or categories of recipients” to whom their personal data has been disclosed. In a recent ruling, the EU’s Court of Justice said data subjects get to...more
A new legal mechanism to allow for transfers of personal data between the EU and the U.S. is now advancing after an October 7th, 2022 Executive Order was issued by U.S. President Biden (the “Executive Order”). The new...more
On October 7, 2022, President Biden signed the Enhancing Safeguards for United States Signals Intelligence Activities Executive Order (Executive Order or EO), which implements the EU-U.S. Data Privacy Framework (EU-U.S. DPF)....more
Today, October 7, 2022, President Joe Biden signed an executive order implementing a new privacy framework for data being shared between Europe and the United States. The new framework is called the “Trans-Atlantic Data...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
Several German Data Protection Authorities commence independent investigation of cross border transfers of personal data in violation of Schrems II...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more
In mid-January 2021, the European Data Protection Board (EDPB) announced by press release that it has adopted jointly with the European Data Protection Supervisor (EDPS) written Opinions on the European Commission’s drafts...more
On October 14, 2020, the French Administrative Supreme Court (Conseil d’Etat) published its decision in a lawsuit requesting that the French health data platform (Health Data Hub) be suspended for breach of the GDPR in light...more
In a letter from Deputy Assistant Secretary James Sullivan, the U.S. Department of Commerce introduced a white paper, “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data...more
On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment...more
In a landmark decision in what is popularly known as the "Schrems II" case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that facilitated the transfers of personal data from...more
The long awaited Schrems II decision was published by the Court of Justice of the European Union (CJEU) on 16 July 2020, and while it has already been summarized as the death blow to the Privacy Shield framework and the...more
The Court of Justice of the European Union (CJEU) Invalidates the EU-U.S. Privacy Shield- On July 16, 2020, the CJEU invalidated the EU-U.S. Privacy Shield (the Privacy Shield) in its decision in Facebook Ireland v. Schrems...more
Whatever the outcome of Schrems 2.0, the key takeaway is, don’t panic. Today, July 16, 2020, the European Court of Justice (CJEU) is expected to rule in the case of Data Protection Commissioner Ireland v Facebook Ireland...more
The European Court of Justice (CJEU) recently published plans to issue its much awaited decision in CJEU case C-311/18 (also referred to as “Schrems II”) on July 16. ...more
With respect to Internet privacy, as a result of recent U.S. government action, Americans now have less protection and are more at risk of government surveillance and potential misuse of their personal information, as...more
Since 2013 revelations about U.S. mass surveillance, the transfers of personal data between the EU and the U.S. have encountered regular legal threats: cancellation of the Safe Harbor by the Court of Justice of the European...more