Tying it all together: Safe Harbor and Security-Related Data Flows
One of the fascinating aspects of the privacy-related negotiations between the EU and the US over the past couple of years has been the EU’s efforts to decouple trade (e.g, TTIP) and security-related...
View ArticleEU update: Safe Harbor 2.0 deadline passes without agreement; Art. 29 WP...
No news is not good news this time. The January 31 deadline for getting a new Safe Harbor Agreement in place came and went last weekend. Commissioner Jourova, who is leading the Safe Harbor 2.0...
View ArticleCommission Press Release and FTC Fact Sheet outlines the new EU-US “Privacy...
The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the “Privacy Shield.” The new accord still needs to be reviewed by the...
View ArticleWill free apps soon be dead in Europe?
As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data. One interesting question is whether the new rules on consent will kill free apps in...
View ArticleAmended version of Judicial Redress Act passes the Senate; now goes back to...
The US Senate passed the amended version of the Judicial Redress Act on February 9. The amendments, which tie the Umbrella Agreement to Safe Harbor 2.0 (now dubbed the US-EU “Privacy Shield”), now go...
View ArticleJudicial Redress Act passes the House with the Senate Amendments
The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law. The Act, which we covered in an earlier blog post, gives citizens of foreign countries...
View ArticleEU-US Privacy Shield Agreement Published
The European Commission has finally made the draft text of the EU-US Privacy Shield program available... The Privacy Shield program, which was agreed to in principle by US and EU negotiators nearly...
View ArticleKey Review of Privacy Shield Coming in Six Weeks
Now that the EU Commission has published the complete version of its draft decision adopting the EU-US Privacy Shield program, it’s time for the key reviewers to dig in. I don’t mean the lawyers, or EU...
View ArticleState Data Security Breach Notification Laws - April 2016
The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i)...
View ArticleKey EU Advisory Body Declines to Support Privacy Shield
UPDATE: The Article 29 Working Party has released surprisingly brief comments on Privacy Shield. Consistent with the press briefing held on April 13, 2016, WP29 has concluded that Privacy Shield falls...
View ArticleSave the Date: GDPR goes into effect May 25, 2018
We now have a precise date for the European Union’s General Data Protection Regulation to go into effect: May 25, 2018....By: Susan Foster
View ArticleInnocents Abroad: Lost laptop with customer data
Carrie, A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded....
View ArticleEU Privacy Shield Status Update
While it’s making few headlines, the European Commission is still working to finalize Privacy Shield, and it’s even possible that Privacy Shield will pass a key hurdle by the end of this month. The...
View ArticleWhat does the Brexit vote mean for UK data protection?
US companies and policy makers will no doubt spend a good chunk of the day today considering the possible implications for them of yesterday’s UK vote for Brexit. Mark Carney, Governor of the Bank of...
View ArticlePrivacy Shield: Rumors of Progress
According to several news reports, the Commission has sent a revised draft of the Privacy Shield adequacy decision to the Article 31 Committee. One tech industry news source, Ars Technica, has made...
View ArticlePrivacy Shield Passes Art. 31 Hurdle; European Parliament LIBE Committee...
The final version of Privacy Shield (which has not yet been officially published) passed the Article 31 Committee vote on July 8th and is being presented on July 11th to the LIBE committee of the...
View ArticlePrivacy Shield is Finally Official
The EU Commission has formally adopted Privacy Shield and the US Department of Commerce will go live with a new Privacy Shield registration website on August 1. US companies that had been registered...
View ArticleEU-US Privacy Shield to Launch August 1, Replacing Safe Harbor
I. Introduction: Privacy Shield to Go Live August 1 (at Last) - The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the...
View ArticlePrivacy Shield: The National Data Protection Authorities Hold Fire
The Article 29 Working Party (WP29) has released a brief updated statement on the final form of the Privacy Shield adequacy decision and supporting annexes. WP29 is an important advisory group made up...
View ArticleThe Cyber President? What To Expect From the Trump Administration On...
Even president-elect Donald Trump has been the victim of a data breach. Several times actually. The payment card system for his Trump Hotel Collection was infected by malware in May 2014 and 70,000...
View ArticleIt’s Not Too Early! ICO Guidance Regarding Consent Under GDPR
The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot...
View ArticleHave you started auditing your contracts with your service providers that...
Many companies have started the potentially lengthy process of auditing their service provider contracts to make sure that they comply with the requirements of the General Data Protection Regulation,...
View ArticleWill the EU box itself in? Fate of Standard Contractual Clauses (aka the...
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian...
View ArticleEU Commission Confirms that Privacy Shield Survives its First Annual Review
As was generally expected from informal comments by EU representatives, Privacy Shield has survived its first annual review. Commissioner Jourova stated: “Our first review shows that the Privacy Shield...
View ArticleKey GDPR Guidance on Behavioral Advertising, Profiling and Automated...
Spoiler Alert: Behavioral advertising companies will find some bad news in the guidance. The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and...
View ArticleConsent under the GDPR: Official Guidance Now Available
One of the most striking changes to EU privacy law under the EU’s General Data Protection Regulation (which goes into effect May 25, 2018) is the very strict approach to user consent. For many years,...
View ArticleWorking Towards GDPR Compliance – Practical Steps for US-Headquartered Life...
The European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...
View ArticleGDPR – European Commission Unveils Guidance Website
The European Commission has launched a new data protection website aimed at educating the public and helping businesses and other organizations comply with their new obligations under the General Data...
View ArticlePractical GDPR Steps for US-Headquartered Life Sciences Companies
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential...
View ArticleEuropean Parliament Sets a Deadline for Reforming Privacy Shield – But Don’t...
The European Parliament passed a resolution today strongly criticizing Privacy Shield and recommending that Privacy Shield be suspended as of September 1, 2018, if the US doesn’t shape up by that...
View ArticleThat Local Representative Problem . . . and the New Guidelines on the...
Companies based outside of the European Union sometimes find it challenging to determine whether the General Data Protection Regulation (GDPR) applies to them. And if they finally work out that the...
View ArticleBrexit and UK-US data transfers: What’s the plan?
Despite the overall political uncertainty about Brexit, worries about a sudden stop to personal data transfers from the UK to the US are misplaced, deal or no deal. There is, in fact, a plan, and it’s...
View ArticleRevised Guidelines on the Territorial Scope of the GDPR and Local...
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised...
View ArticleBrexit Transition Period: Guidance from Information Commissioner’s Office
Some US companies who do business in the UK are wondering whether they need to update their GDPR notices or take other steps now that the UK has officially left the European Union. The answer is: Not...
View ArticleCoronavirus and Data Protection in the Workplace: The EDPB provides key...
Companies with employees in multiple European locations may well be feeling challenged both in keeping up with public health-driven guidance – and more recently, mandates – relating to the SARS-COV2...
View ArticleDo you transfer personal data from the EU to the US? Important Decision due...
Does your organization transfer personal data from the European Union to the US? If so, keep an eye out for a key decision on July 16 from the EU’s top court, the Court of Justice of the European...
View ArticlePrivacy Shield Invalidated by Top EU Court; Standard Contractual Clauses...
Organizations that transfer personal data from the European Union on the basis of the EU Commission-approved Standard Contractual Clauses (SCCs) may be breathing a sigh of relief on hearing that the...
View ArticleEU Data Protection Regulators Issue Critical Draft Guidance on Personal Data...
US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on...
View ArticleEuropean Commission Publishes Proposed New Data Transfer Agreement
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for...
View ArticleTransferring Personal Data from the EU to the UK: Interim Solutions
The new 1,246-page Trade and Cooperation Agreement (TCA) between the United Kingdom and the European Union has ended the suspense over what restrictions will apply to the transfer of personal data...
View ArticleEuropean Commission Publishes Draft Adequacy Decision for Transfers of...
In a solid step forward for EU to UK personal data transfers, the European Commission has published its draft adequacy decision that will (if finally adopted) permit personal data to flow freely from...
View ArticleEuropean Commission Adopts Final Version of New Data Transfer Agreement (SCCs)
The European Commission has adopted (at long last) an updated version of the Standard Contractual Clauses (SCCs), bringing this popular data transfer mechanism in line with the GDPR – and, we hope, the...
View ArticleEuropean Commission Adopts New Service Providers Standard Agreement...
The new standard agreement for service providers (which we’ll refer to as the Controller-Processor SCCs) adopted by the European Commission on June 4th was understandably a bit overshadowed by the...
View ArticleEU Data Protection Regulators Adopt Guidance on Personal Data Transfers
Many organizations around the world – and particularly companies in the United States – are directly affected by the EU Court of Justice’s July 2020 Schrems II decision casting doubt on the lawfulness...
View ArticleNews Roundup
The United Kingdom has been busy in the past couple of weeks starting to chart its independent course on data protection and privacy matters. We should keep in mind, however, that some of the more...
View ArticlePersonal Data Transfers: Bye-bye, old SCCs – don’t forget the September 27th...
Out with the old EU Standard Contractual Clauses (as of September 27th) - Organizations that use the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from...
View ArticleThe New UK International Data Transfer Agreement Is Ready To Go From March...
The UK Information Commissioner’s Office (ICO) has just published the final form of its much-anticipated new International Data Transfer Agreement (IDTA), along with a separate addendum to the EU SCCs...
View ArticleNew UK International Data Transfer Agreement and a New Approach to UK Data...
Do you transfer or receive personal data from the United Kingdom? If so, there are some important developments in the UK to factor into your data protection compliance program. In a major change of...
View ArticleEU Personal Data Transfers Deadline: New SCCs must be put in place by...
Deadline to adopt EU Standard Contractual Clauses - Many organizations uses the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from the European...
View ArticleNew EU-US Data Privacy Framework
The European Commission has published its long-awaited draft of the new EU-US Data Privacy Framework, available here. The Data Privacy Framework will replace the Privacy Shield decision that was...
View Article
