Effective July 10, 2023, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) replaced the invalidated EU-U.S. Privacy Shield framework (“Privacy Shield”). Participating U.S. organizations can now receive personal data...more
The FTC and DOJ reached a settlement with Twitter, Inc. to resolve allegations that the company used user personal data to help sell targeted advertisements in violation of the FTC Act and a 2011 FTC Order, which prohibited...more
Last week, the United States Department of Justice, acting on behalf of the Federal Trade Commission, took action against Twitter, Inc. for allegedly using private account security data to sell targeted advertisements without...more
In this month's edition, we examine the Swiss data protection authority's comments on the validity of its data-sharing framework with the U.S., as well as the European Data Protection Board's guidance on joint controllers and...more
The Federal Data Protection and Information Commissioner (FDPIC) has determined that the Swiss-United States Privacy Shield does not provide an adequate level of data protection for data transfers from Switzerland to the U.S....more
In a much anticipated ruling, this month the Swiss Data Protection Authority concluded that the EU-US Swiss Privacy Shield was no longer an adequate method for transferring personal information from Switzerland to the US. In...more
Report on Supply Chain Compliance 3, no. 18 (September 17, 2020) - Following the European Court of Justice’s decision to strike down the EU-US Privacy Shield mechanism for data transfer, the Swiss Federal Data Protection...more
Following the CJEU’s invalidation of the EU Commission’s adequacy decision on the EU-U.S. Privacy Shield in Schrems 2.0, on September 8, 2020, the Federal Data Protection and Information Commissioner (FDPIC) found that the...more
On September 8, 2020, the Swiss Federal Data Protection and Information Commissioner (FDPIC) announced that it no longer considers the Swiss-U.S. Privacy Shield (Swiss Shield) to provide adequate protections for transfers of...more
On the heels of the Court of Justice of the European Union’s decision in Schrems II, Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has determined that the U.S.-Swiss Privacy Shield does not meet...more
Delta Sues Software Provider Over Data Breach - Delta Airlines sued its customer service chat provider, [24]7.ai Inc., in New York federal court accusing it of lax digital security practices that allowed a hacker to steal...more
Nearly three years ago, the EU-U.S. and Swiss-U.S. Privacy Shield frameworks replaced the U.S.-EU and U.S.-Swiss Safe Harbor programs as a self-certification mechanism to transfer personal data from the European Union and...more
Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield...more
The EU General Data Protection Regulation (GDPR) took effect on May 25, 2018. Potential fines for violating the GDPR include up to four percent of an organization's annual profits or €20 million (approximately $23 million),...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more
Beginning on April 12, 2017, U.S. organizations that are subject to the investigatory and enforcement powers of the FTC or the Department of Transportation will be able to self-certify to the newly adopted Swiss–U.S. Privacy...more