NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Cross-Border Data Transfers and the EU-US Data Privacy Tug of War
What's Next after the Schrems II Decision of ECJ
Compliance Perspectives: The End of the Privacy Shield
It is, by now, well known that not taking data protection seriously can prove costly for organizations. Since the introduction of the European General Data Protection Regulation (the "GDPR") in 2018, non-GDPR-compliant...more
The Belgian Data Protection Authority (DPA) has published brief guidance concerning the European Court of Justice (ECJ) judgement on the European Commission’s adequacy decision provided by the EU-US data Privacy Shield...more
The European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard...more
On September 24, 2019, the highest court of the European Union (EU), the Court of Justice of the EU (CJEU), attempted to limit the territorial scope and authority of EU data protection authorities in its recent decision...more
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie...more
On July 29, 2019, the European Court of Justice (ECJ) issued its decision in FashionID (Case C-40/17), determining that website operators are jointly liable with plugin providers for data collection and transmission through...more
Recent legislative hearings in the United States and Europe have focused on the means by which large third-party data collectors track individuals via websites. Regulators have paid comparatively little attention to the...more
On April 11, Justice Caroline Costello of the Irish High Court referred the Schrems 2.0 case to the Court of Justice of the European Union (ECJ) with 11 questions for the ECJ to answer. Per Justice Costello, the sole issue in...more
The Situation: The European Court of Justice ("ECJ") is to rule on the validity of EU Standard Contractual Clauses used by companies to transfer personal data outside of the European Union, at the request of Ireland's High...more
Updates on the EU: German DPA Publishes First Privacy Shield Guidelines, Requires German-Law Contracts for Transfers. On June 7, 2016, the European Commission adopted the EU-U.S. Privacy Shield. One question that many...more
Most privacy professionals are familiar with the European Court of Justice’s 2015 Schrems decision, which struck down the US-EU Safe Harbor mechanism. One lesser-discussed aspect of the ECJ’s decision related to the powers...more
Over the course of the past two months, three privacy groups in France and one in Ireland filed separate actions for annulment with the European Court of Justice seeking the invalidation of the EU-U.S. Privacy Shield...more
Digital Rights Ireland, an Irish privacy advocacy group, has filed the first legal challenge to the EU-U.S. Privacy Shield, the Trans-Atlantic agreement reached earlier this year to permit the lawful transfer of personal data...more
The European Union ("EU") recently announced that the new EU-US Privacy Shield Agreement ("Privacy Shield") is adequate to meet EU data privacy requirements and allow for the transfer of personal data from the EU to the US in...more
Even before the ECJ’s Schrems decision invalidated Safe Harbor, the European Commission had begun working closely with US negotiators to craft what has become the U.S.-EU Privacy Shield. While EU privacy leaders have noted...more
Following European Commission adoption of the Privacy Shield on July 12, 2016, and with Privacy Shield self-certification poised to open for business organizations on August 1, 2016 as a replacement for the invalidated...more
I. Introduction: Privacy Shield to Go Live August 1 (at Last) - The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
When the European Court of Justice first invalidated the Safe Harbor we recommended here that, for most companies, staying the course by implementing general data security best practices was probably the right thing to do...more
On July 12, 2016, the European Commission (“Commission”) formally adopted and released the Privacy Shield Adequacy decision, which will allow certified U.S. companies to transfer EU personal data to the United States. The...more
The European Commission adopted on July 12, 2016 its long-awaited decision recognizing the U.S. Privacy Shield as providing adequate protection for personal data of EU citizens transferred to the United States. The Privacy...more
The EU-US Privacy Shield—successor to the invalidated Safe Harbor program for transatlantic transfers of EU personal data—was finally approved on July 12, 2016....more
With the Article 29 Working Party’s position on the adequacy of the EU-U.S. Privacy Shield framework agreement (Privacy Shield) decision expected this week, U.S. businesses should be evaluating privacy options and preparing...more
On February 29, 2016, the European Commission and United States released the terms of the much-anticipated renewed framework for the transfer, sharing, and processing of European individuals’ data to the United States. The...more
On Monday, February 29th, the European Commission and U.S. Department of Commerce released a collection of documents summarizing actions taken on both sides of the Atlantic to implement the new Privacy Shield framework. This...more
On February 2, 2016, The European Commission (EC) and the U.S. Department of Commerce (Commerce) reached a deal on a new transatlantic data-transfer pact to replace the 15-year-old Safe Harbor agreement. The European Court of...more