Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
In-house Roundhouse: Antitrust and the Tech Industry
Pennsylvania COVID-19 Update Featuring Former Pa. Gov. Tom Corbett
While the announcement is short on details, once in place, U.S.-based. entities will be able to use the new agreement to comply with the GDPR’s cross-border data transfer requirements. On March 25, the U.S. and E.U....more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
At the beginning of the year, the German data protection authorities (DPAs) announced that they would take joint action to enforce the decision of the European Court of Justice (ECJ) in the "Schrems II" case. On June 1,...more
Organizations are closely tracking which of their vendors previously relied on Privacy Shield. Separately, they are preparing Transfer Impact Assessments (“TIAs”) to evaluate and address risks associated with personal data...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more
1. Schrems II requires parties relying on the SCCs to implement additional measures ensuring that transferred personal data is adequately protected. The Schrems II decision did not affirmatively invalidate the SCCs, but...more
Barely one month after the Court of Justice of the European Union (CJEU) issued its Schrems II decision striking down the EU-U.S. Privacy Shield Framework (Privacy Shield), Austrian privacy activist Max Schrems has filed 101...more
The world just received the newest pronouncement from the EU Court of Justice, in a decision known as Schrems II, and the legal opinion extends the data war declared on the United States in the first Schrems decision....more
Two updates that companies may find helpful regarding standard contractual clauses for cross-border transfers of personal data post invalidation of the EU-US Privacy Shield program....more
On July 16, 2020, Europe’s Court of Justice issued a much-anticipated judgment on the validity of Decision 2016/1250 on the adequacy of the EU-US Data Protection Shield (the “US/EU Privacy Shield”) and Decision 2010/87 on...more
On Thursday, July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield (“Privacy Shield”) in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case...more
On July 16, 2020, the Court of Justice of the European Union delivered its decision in Data Protection Commissioner v. Facebook Ireland Ltd. and Maximillian Schrems, which invalidated EU Commission Decision 2016/1250 (the...more
The Court of Justice of the European Union (CJEU) issued a long awaited opinion yesterday (July 16, 2020) in Data Protection Commissioner v. Schrems1 finding the EU-U.S. Privacy Shield inadequate for lawfully transferring the...more
The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...more
The European Court of Justice (CJEU) published its highly anticipated judgement in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”. There...more
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first...more
Between the cancellation of the Safe Harbor by the Court of Justice of the European Union (CJEU) and the adoption of the Privacy Shield, a number of data exporters have relied on the Standard Contractual Clauses (SCC) as the...more