NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
In-house Roundhouse: Antitrust and the Tech Industry
What's Next after the Schrems II Decision of ECJ
Life With GDPR: Episode 47- Schrems III-Impact on the Transatlantic Digital Trade
French regulators have held that the use of Google Analytics violates the GDPR, a decision that likely has broad implications for web analytics companies and website operators. On February 10, 2022, the French Data...more
In July 2020, the Schrems II decision issued and the European Commission’s adequacy decision for the EU-US Privacy Shield Framework was invalidated. Further, and broader than the invalidation of Privacy Shield adequacy...more
On 14 May the Irish High Court handed down its judgment in the judicial review case brought by Facebook Ireland Ltd (FBI) against the Irish Data Protection Commission (DPC), finding substantially in favour of the DPC....more
Pathways for U.S. companies to transfer personal data out of the European Union have been repeatedly blocked by EU authorities concerned by what they perceive as gaps in data protection under U.S. laws. Schrems I invalidated...more
News sources reported this month that the Irish data protection authority (DPA) had sent Facebook a preliminary order that would prohibit the transfer of information about European Union (EU) residents to US Facebook users....more
In a statement from Facebook’s VP of Global Affairs and Communications, Nick Clegg, the social media giant confirmed that the Irish Data Protection Commission (DPC) has commenced an inquiry into data transfers from the EU to...more
On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Case C-311/18, “Schrems II”) ruling that the Privacy Shield...more
The Court of Justice of the European Union (CJEU), the EU's highest court, declared on July 16, 2020, that the EU-U.S. Privacy Shield framework for the transfer of personal data from the EU into the United States is invalid....more
The Court of Justice of the European Union today invalidated the EU-US Privacy Shield and called into question the extent to which EU data exporters could rely on the European Commission’s Standard Contractual Clauses for...more
Yesterday, the Court of Justice of the EU (“CJEU”) issued a judgment with two important outcomes: (1) invalidation of the U.S.-EU Privacy Shield as a basis for transfers of personal data from the EU to the U.S.; and (2)...more
Yesterday, the Court of Justice of the EU has handed down its judgment in the highly-anticipated Facebook Ireland case (aka Schrems II) and invalidated the Privacy Shield Decision. For those of you who have followed this...more
The judgment by the Court of Justice of the European Union (CJEU) in the case known as “Schrems II” has far-reaching impact for businesses looking to ensure continuity of personal data flows between the EU and the US and...more
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses. On 16 July 2020, the Court of...more
Shielded No Longer: Top EU Court Invalidates Privacy Shield Framework and Clarifies Use of Standard Contractual Clauses as Bases for EU-U.S. Data Transfers - Yesterday, the Court of Justice of the European Union (CJEU)...more
Key Takeaways: - EU-U.S. Privacy Shield Framework invalidated - Standard Contractual Clauses governing transfers between controllers and processors upheld, but arguably may not be valid on their face without additional...more
Today, July 16, 2020, the EU’s top court, the Court of Justice of the European Union (CJEU), issued its highly anticipated decision in the Schrems II case. In doing so, CJEU has invalidated the EU-US Privacy Shield Framework...more
The Advocate General (AG) says the standard contractual clauses (SCCs) are valid but, where circumstances in the destination third country mean the SCCs would be breached or impossible to abide by, there is an obligation on...more
On December 19, 2019, in the Facebook Ireland and Schrems (Schrems 2.0) case, the Advocate General (AG) to the European Court of Justice (ECJ)—European Union's highest court—opined that the EU Standard Contractual Clauses...more
Insight into where e-discovery, information governance cybersecurity, and digital transformation are heading – who is doing what now or in the future, what works and what doesn’t, and what people wish they could do but can’t...more
As application of the European Union’s (EU’s) General Data Protection Regulation (GDPR) quickly approaches, the enforcement authority of the European data protection authorities (DPAs) is rightfully on everyone’s mind. The...more
The famous case brought by Maximilian Schrems against Facebook Ireland in Austria, aimed to become an international and large data protection class action, led on 25 January 2018 to a ruling from the CJEU on two main...more
In yet another round of Schrems versus Facebook, on January 25, 2018, the Court of Justice of the European Union (CJEU) ruled that privacy activist Max Schrems is a consumer with regard to his Facebook profile despite his...more
The Situation: The European Court of Justice ("ECJ") is to rule on the validity of EU Standard Contractual Clauses used by companies to transfer personal data outside of the European Union, at the request of Ireland's High...more
The Irish High Court recently asked the Court of Justice of the European Union (CJEU) to rule on the validity of “standard contractual clauses” as a basis for transferring personal data out of the European Economic Area...more
What Now? With its decision on Tuesday 3 October 2017 referring a preliminary question on the validity of the European Union’s “standard contractual clauses” (“SCC”) regime to the Court of Justice of the European Union...more