Is Edward Snowden a Whistleblower?
Ireland’s Data Protection Commission has fined Meta Ireland 1.2 billion EUR. While you have probably heard about that, there is much, much more to this case and the larger Schrems II cross border saga. Here is what you...more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
Several German Data Protection Authorities commence independent investigation of cross border transfers of personal data in violation of Schrems II...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
1. Schrems II requires parties relying on the SCCs to implement additional measures ensuring that transferred personal data is adequately protected. The Schrems II decision did not affirmatively invalidate the SCCs, but...more
The U.S. Department of Commerce (DOC), Department of Justice (DOJ), and the Office of the Director of National Intelligence (ODNI) jointly issued a White Paper containing information about privacy protections under U.S. law...more
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
In a landmark decision in what is popularly known as the "Schrems II" case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that facilitated the transfers of personal data from...more
Trans-Atlantic transfer scheme relied on by thousands of EU and U.S. organisations to transfer personal data from the EU to the U.S. deemed invalid by the Court of Justice of the European Union (CJEU). Privacy Shield has...more
The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court. The Irish High Court has “well-founded” concerns that there is no...more