Is Edward Snowden a Whistleblower?
The final decision of the Irish Data Protection Commission (IDPC) in relation to the transfers of EU/EEA Facebook user data by Meta Platforms Ireland Limited (Meta Ireland) to its processor, Meta Platforms, Inc., in the US...more
The Executive Order hopes to address what had been shortcomings in the previous Safe Harbor and Privacy Shield programs that were struck down by EU courts in 2015 and 2020 respectively. On October 7, 2022, President...more
Companies using Google Analytics (“Analytics”) or similar platforms may be interested in recent rulings of several European data protection authorities that found Analytics data transfers to the U.S. to be non-compliant with...more
On Friday, March 25, 2022, US President Joe Biden and European Commission President Ursula von der Leyen jointly announced that a deal has been reached to replace the former Privacy Shield framework governing data transfers...more
It has been nearly a year and a half since the Schrems II decision issued in July 2020, which invalidated the European Commission’s adequacy decision for the EU-US Privacy Shield Framework. As a result, companies were forced...more
The guidance outlines how organisations should approach international transfers and confirms examples of supplemental measures that can be adopted to ensure ongoing compliance and seeking to de-mystify earlier uncertainty. ...more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
The European Union limits the transfer of EU personal data to countries whose privacy regimens are not deemed “adequate,” like the United States. American companies have tended to rely upon Standard Contractual Clauses (SCC)...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
Concerns are mounting for companies around the world as they consider their ability to transfer data from the EU following the recent decision by the Court of Justice of the European Union in Data Protection Commissioner v....more
As many organizations continue to struggle with the fallout from the July 2020 Schrems II decision from the European Court of Justice (“CJEU”), in November, the European Data Protection Board (“EDPB”) published two pieces of...more
The U.S. Department of Commerce (DOC), Department of Justice (DOJ), and the Office of the Director of National Intelligence (ODNI) jointly issued a White Paper containing information about privacy protections under U.S. law...more
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its anxiously-awaited judgment in the Schrems II case. The CJEU’s decision upheld the Standard Contractual Clauses (SCCs) but, somewhat surprisingly,...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems). In its decision, the Court (1) struck down the Privacy Shield program that...more
Trans-Atlantic transfer scheme relied on by thousands of EU and U.S. organisations to transfer personal data from the EU to the U.S. deemed invalid by the Court of Justice of the European Union (CJEU). Privacy Shield has...more