Is Edward Snowden a Whistleblower?
In this episode of On Record PR, Gina Rubel goes on record with Aihong Yu, Chief Privacy Counsel of CDK Global, to discuss how embracing privacy and security measures…...more
The European Union’s (“EU”) Data Protection Commission (the “Commission”) recently fined Meta Ireland $1.3 billion (or €1.2 billion) for improper data transfers from the European Economic Area (“EEA”) to the United States in...more
The European Data Protection Board (EDPB) has issued a long-awaited opinion on the EU-US Data Privacy Framework. Here are some key takeaways: The scope of the exemptions to the adherence to the principles, including on the...more
The Executive Order hopes to address what had been shortcomings in the previous Safe Harbor and Privacy Shield programs that were struck down by EU courts in 2015 and 2020 respectively. On October 7, 2022, President...more
On Friday, March 25, 2022, US President Joe Biden and European Commission President Ursula von der Leyen jointly announced that a deal has been reached to replace the former Privacy Shield framework governing data transfers...more
More, possibly similar decisions are expected in the coming months, throwing cross-Atlantic data transfers and trade into doubt as diplomats seek a Privacy Shield replacement. In late December, the Austrian Data...more
It has been nearly a year and a half since the Schrems II decision issued in July 2020, which invalidated the European Commission’s adequacy decision for the EU-US Privacy Shield Framework. As a result, companies were forced...more
The guidance outlines how organisations should approach international transfers and confirms examples of supplemental measures that can be adopted to ensure ongoing compliance and seeking to de-mystify earlier uncertainty. ...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
The European Union limits the transfer of EU personal data to countries whose privacy regimens are not deemed “adequate,” like the United States. American companies have tended to rely upon Standard Contractual Clauses (SCC)...more
Starting this fall, companies transferring personal data from the European Economic Area (EEA) will likely begin to see a flurry of contract renegotiations. On June 4, 2021, the European Commission adopted long awaited new...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
Concerns are mounting for companies around the world as they consider their ability to transfer data from the EU following the recent decision by the Court of Justice of the European Union in Data Protection Commissioner v....more
1. Schrems II requires parties relying on the SCCs to implement additional measures ensuring that transferred personal data is adequately protected. The Schrems II decision did not affirmatively invalidate the SCCs, but...more
The Data Protection Authority of Rhineland-Palatinate, Germany has issued FAQs on Schrems II, weighing in on the EU-U.S. Privacy Shield and Standard Contractual Clauses. The guidance comes on the heels of FAQs issued recently...more
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
In a landmark decision in what is popularly known as the "Schrems II" case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that facilitated the transfers of personal data from...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems). In its decision, the Court (1) struck down the Privacy Shield program that...more
Trans-Atlantic transfer scheme relied on by thousands of EU and U.S. organisations to transfer personal data from the EU to the U.S. deemed invalid by the Court of Justice of the European Union (CJEU). Privacy Shield has...more
As was generally expected from informal comments by EU representatives, Privacy Shield has survived its first annual review. Commissioner Jourova stated: “Our first review shows that the Privacy Shield works well, but there...more