On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (DPF). The decision concluded that the United States does ensure an adequate level of protection for transferring...more
On 10 July 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (the DPF). With immediate effect, the adequacy decision provides a new lawful basis for transfers from...more
Deadline to adopt EU Standard Contractual Clauses - Many organizations uses the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from the European Economic Area (EEA) to other...more
The Swiss government has drafted a proposed list of countries that are approved to receive personal data transfers out of Switzerland. Japan and South Korea are excluded from the current and proposed lists, requiring...more
Businesses today are data driven and data dependent, but the rules that govern how data can be used and shared across borders are becoming increasingly tricky for international organizations to navigate, subject to constantly...more
The European Commission published its implementing decision for the new Standard Contractual Clauses (“SCC”) in June of 2021. On September 27, 2021, the old SCCs that had been adopted prior to the General Data Protection...more
On 12 November 2020, the European Commission (Commission) published a draft Implementing Decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection...more
The fallout from the Schrems II judgment continued on Tuesday with an announcement from Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) that the Swiss-US Privacy Shield regime “does not provide an...more
Businesses are now prohibited from transferring employee personal data from the European Economic Area (EEA) to the U.S. under the EU-U.S. Privacy Shield program. The Court of Justice of the European Union (CJEU) declared the...more
The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision. On June 6, the Hamburg DPA announced that it had...more
EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a...more
On Monday, October 26, European Union Justice Commissioner Vera Jourová delivered a speech before the European Parliament in which she noted that the European Union and the United States had agreed “in principle” on a new...more
Over the course of the coming weeks, we will examine the various options available to companies in light of the European Court of Justice’s (CJEU) decision invalidating the US-EU Safe Harbor framework, including model...more
With EU Safe Harbor Invalidated, Companies Ask: What Now? - What happens now?: That is the question that businesses across the country are asking after the Court of Justice of the European Union (CJEU) threw out the...more
For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the...more
As all of our readers know by now, as of October 6, the US-EU Safe Harbor Framework is no more. Safe Harbor was the mechanism on which thousands of US companies (and thousands of companies based in the European Union)...more
As we wrote on October 6, 2015, the Court of Justice of the European Union (CJEU) announced its invalidation of the U.S.-EU Safe Harbor program as a legally valid pathway for transferring personal data of European Union (EU)...more
Just one week after the milestone decision rendered by the CJEU to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a...more
A landmark decision of the European Court of Justice (ECJ) has held that companies may no longer rely on “Safe Harbour” to justify transferring personal data from the European Union to the US, because the US Government has a...more
The so-called “Article 29 Working Party” of EU Data protection officials from the 28 EU member states today released a much-anticipated press release regarding the Court of Justice of the European Union (CJEU) landmark...more
In a concise statement, the Article 29 Working Party (WP29), a consortium of European Data Protection Authorities (DPAs), released a position paper today about the landmark ruling of the European Court of Justice in...more
On October 16, 2015, EU authorities gave the U.S. and European Union until the end of January 2016 6o find a replacement for the former US-EU Safe Harbor regime, or enforcement actions could begin. The full statement of the...more
Since the Article 29 Working Party on the Protection of Individuals (“WP29”) announced last week that it would it shortly issue a statement on the landmark CJEU ruling invalidating the Safe Harbor Decision (Schrems v. Data...more
Last week, the Court of Justice of the European Union (CJEU) gave an important ruling which any business transferring personal data between the EU and the United States should know about — in particular those that make use of...more