NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
In-house Roundhouse: Antitrust and the Tech Industry
What's Next after the Schrems II Decision of ECJ
Life With GDPR: Episode 47- Schrems III-Impact on the Transatlantic Digital Trade
Ireland’s Data Protection Commission has fined Meta Ireland 1.2 billion EUR. While you have probably heard about that, there is much, much more to this case and the larger Schrems II cross border saga. Here is what you...more
The Executive Order hopes to address what had been shortcomings in the previous Safe Harbor and Privacy Shield programs that were struck down by EU courts in 2015 and 2020 respectively. On October 7, 2022, President...more
Companies using Google Analytics (“Analytics”) or similar platforms may be interested in recent rulings of several European data protection authorities that found Analytics data transfers to the U.S. to be non-compliant with...more
On Friday, March 25, 2022, US President Joe Biden and European Commission President Ursula von der Leyen jointly announced that a deal has been reached to replace the former Privacy Shield framework governing data transfers...more
French regulators have held that the use of Google Analytics violates the GDPR, a decision that likely has broad implications for web analytics companies and website operators. On February 10, 2022, the French Data...more
More, possibly similar decisions are expected in the coming months, throwing cross-Atlantic data transfers and trade into doubt as diplomats seek a Privacy Shield replacement. In late December, the Austrian Data...more
The German Data Protection Conference (DSK) has issued an expert opinion on the state of surveillance laws in the United States. Needed: Schrems-proof mascara, the next level waterproof for all the “Cry and Pray” that...more
It has been nearly a year and a half since the Schrems II decision issued in July 2020, which invalidated the European Commission’s adequacy decision for the EU-US Privacy Shield Framework. As a result, companies were forced...more
The guidance outlines how organisations should approach international transfers and confirms examples of supplemental measures that can be adopted to ensure ongoing compliance and seeking to de-mystify earlier uncertainty. ...more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements. On 4 June 2021, the European Commission released its...more
The European Union limits the transfer of EU personal data to countries whose privacy regimens are not deemed “adequate,” like the United States. American companies have tended to rely upon Standard Contractual Clauses (SCC)...more
Starting this fall, companies transferring personal data from the European Economic Area (EEA) will likely begin to see a flurry of contract renegotiations. On June 4, 2021, the European Commission adopted long awaited new...more
Several German Data Protection Authorities commence independent investigation of cross border transfers of personal data in violation of Schrems II...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
The European Parliament is urging the United States to reform its surveillance laws to pave the way for transfers of personal data between the European Union and the U.S. "For data controllers that fall within the scope of...more
Concerns are mounting for companies around the world as they consider their ability to transfer data from the EU following the recent decision by the Court of Justice of the European Union in Data Protection Commissioner v....more
As many organizations continue to struggle with the fallout from the July 2020 Schrems II decision from the European Court of Justice (“CJEU”), in November, the European Data Protection Board (“EDPB”) published two pieces of...more
The U.S. Department of Commerce (DOC), Department of Justice (DOJ), and the Office of the Director of National Intelligence (ODNI) jointly issued a White Paper containing information about privacy protections under U.S. law...more
The Data Protection Authority of Rhineland-Palatinate, Germany has issued FAQs on Schrems II, weighing in on the EU-U.S. Privacy Shield and Standard Contractual Clauses. The guidance comes on the heels of FAQs issued recently...more
If you transfer personal data from the EU/UK to countries which lack a so-called “adequacy” determination, like the US or India, or if your trusted service providers do, the Schrems II European Court decision has seismic...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems). In its decision, the Court (1) struck down the Privacy Shield program that...more