Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
In-house Roundhouse: Antitrust and the Tech Industry
Pennsylvania COVID-19 Update Featuring Former Pa. Gov. Tom Corbett
Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other...more
As more and more states enact laws that mirror aspects of GDPR, and as companies begin to get used to the EU’s new standard contractual clauses, now may be a good opportunity for a refresh on data sharing agreements. As most...more
Why should I read this? A new UK-US data bridge will be available to businesses in the UK looking to transfer personal data to organizations in the United States certified under the UK Extension to the EU-US Data Privacy...more
On September 21, 2023, the UK Secretary of State for Science, Innovation and Technology laid before Parliament regulations that will operate to significantly simplify the process for UK businesses to transfer personal data to...more
It has been a long time coming, but the other shoe has finally dropped. Ireland’s Data Protection Commission (DPC) fined Meta Platforms Ireland (parent of Facebook Ireland) €1.2 billion, the highest fine to date under the...more
As U.S.-based companies await a decision by the European Union (EU) regarding data transfers, the European process for approving the EU-U.S. data privacy framework has progressed a step. The European Commission released a...more
Colorado Department of Law Issues Draft CPA Revisions - On December 22, the Colorado Department of Law issued updates to the draft Colorado Privacy Act (CPA) rules. These revisions build on written comments and feedback from...more
For companies that conduct business in both the European Union and the United States, data transfers between the EU and the U.S. has long been a challenging process, primarily in light of the EU’s strict privacy regulation,...more
Companies transferring personal data out of the EU or UK are reminded of key deadlines approaching for the contracts that govern these transfers. When the European Commission adopted the new Standard Contractual Clauses...more
Editor’s Note: It may be the shortest month of the year, but February 2022 saw a flurry of privacy — especially biometric — legislation move closer to enactment. Kentucky, California, Maryland, and New York state introduced...more
On February 2, 2022, the UK privacy regulator (i.e., the Information Commissioner's Office or the ICO) issued new model clauses to support data transfers from the UK. Subject to approval by the UK Parliament, the new model...more
Last week’s blog detailed the wave of state legislation that occurred in the U.S. during 2021. It is no surprise that there were also many data privacy developments abroad. It is crucial that organizations affected by...more
While everyone hoped that 2021 would be less tumultuous than 2020, it certainly did not turn out that way in the end. The same was true in the world of data privacy – with sweeping new data protection regulations and guidance...more
The last few years have witnessed remarkable changes in the privacy world. The GDPR, the CCPA, the invalidation of the EU-US Privacy Shield framework and the related obligations resulting from the Schrems II decision - to...more
One of the methods US and EU companies rely on most frequently for the transfer of personal data from the EU to the US are standard contractual clauses. For the method to be acceptable as a valid basis for transfer of...more
On November 3, California voters passed the California Privacy Rights Act, a ballot initiative that substantially amplifies data privacy oversight for qualifying enterprises doing business in California. Although it builds...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
GDPR, the key piece of European privacy law, sets out strict controls on the transfer of personal data from the EU to non-EU jurisdictions and makes it unlawful to transfer personal data from the EU to a non-EU based...more
Since the referendum to leave the EU rocked the UK in 2016, commentators, privacy personnel, and corporate officers alike have been speculating as to how Brexit will affect Britain’s subjugation to the General Data Protection...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Commission's annual review of the Privacy Shield, a potential threat to the European Union's "standard contractual clauses," a push by...more