Life with GDPR - Meta Fined €405 million by Irish Data Protection Commission
X Agrees to Stop Processing EU Data to Train its Grok AI - Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
As those in the privacy world await the outcome of the EU-US privacy framework negotiations, the EDPB was in the news recently for a different mechanism for data transfers: Binding Corporate Rules. Namely, it adopted...more
The European Union’s (“EU”) Data Protection Commission (the “Commission”) recently fined Meta Ireland $1.3 billion (or €1.2 billion) for improper data transfers from the European Economic Area (“EEA”) to the United States in...more
In a recent non-binding opinion, EU regulators expressed timid positivity about the European Commission’s draft adequacy decision on the EU-US transatlantic data flows framework (Data Privacy Framework or DPF). While some...more
The Proposed EU-U.S. Data Privacy Framework Faces Potential Obstacles - On February 14, 2023, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (the “EP Committee”) released a draft opinion...more
The European Data Protection Board (EDPB) has issued a long-awaited opinion on the EU-US Data Privacy Framework. Here are some key takeaways: The scope of the exemptions to the adherence to the principles, including on the...more
On the bumpy road towards a new adequacy decision for EU-U.S. data transfers, the European Data Protection Board (“EDPB”) has published its Opinion 5/2023 (“Opinion”) on the European Commission's (“Commission”) draft adequacy...more
Katten's Privacy, Data and Cybersecurity Quick Bytes is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe. ...more
Background Note: Data privacy has become a critical issue in the digital era, with laws and regulations constantly evolving. As a result, it’s important for cybersecurity, information governance, and legal discovery...more
During the last 20 years, the state of the law regarding personal data transfers between the U.S. and Europe has undergone many changes and evolutions. Initially, the European Commission and the U.S. Government worked...more
The EU released its draft adequacy decision for the EU-US Data Privacy Framework, but all is not smooth sailing. As we wrote in October, the US developed the proposed new framework in response to the declared inadequacy of...more
The United States is adequate, at least according to a draft opinion on the EU-U.S. Data Privacy Framework. Here is a look at what the opinion says, and what U.S. companies involved in EU-U.S. transfers should be doing now....more
Since Schrems II invalidated the US/EU Privacy Shield, the flow of personal data from the European Union to the United States has been subject to intense regulatory scrutiny. Companies transferring personal data to the United...more
The European Commission has published its long-awaited draft of the new EU-US Data Privacy Framework, available here. The Data Privacy Framework will replace the Privacy Shield decision that was invalidated in July 2020 by...more
Ever since the White House issued its Executive Order to pave a path for the new EU-U.S. Data Privacy Framework, stakeholders have provided both praise and criticism about whether the Executive Order sufficiently addresses...more
California Privacy Protection Agency Releases Draft CPRA Regulations - The California Privacy Protection Agency (CPPA) just released proposed California Privacy Rights Act (CPRA) regulations. The regulations expand...more
It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II. Many have been wondering “what’s next”? Will there be a replacement framework? When will that be...more
On March 25, 2022, the European Union (EU) announced that the United States and the EU had reached an agreement in principle to replace the EU-U.S Privacy Shield framework, which the European Court of Justice (CJEU) struck...more
Last week the Biden administration and the European Commission jointly announced a new trans-Atlantic data flow agreement. While no specifics have yet been made public, a recent press release gives the high-level facts of...more
On 25 March 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the U.S. and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for...more
Post Schrems II World: EDPB Adopts Recommendations on Supplementary Measures for International Data Transfers - On June 18, the European Data Protection Board (EDPB) formally adopted Version 2 of its Recommendations on...more
The guidance outlines how organisations should approach international transfers and confirms examples of supplemental measures that can be adopted to ensure ongoing compliance and seeking to de-mystify earlier uncertainty. ...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
The European Commission’s long-awaited updates to the Standard Contractual Clauses (“SCCs”) have arrived. Data protection lawyers globally have eagerly anticipated these changes, which are necessary to address a legal...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more