Organisations that make international transfers of personal data have undergone significant challenges and changes over the last few years. With the invalidation of the Privacy Shield agreement in 2020 and the introduction of...more
9/26/2024
/ Compliance ,
Consent ,
Corporate Fines ,
Data Breach ,
EU ,
EU-US Privacy Shield ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Oversight ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Third-Party Service Provider ,
UK
On March 25, 2022, the European Union (EU) announced that the United States and the EU had reached an agreement in principle to replace the EU-U.S Privacy Shield framework, which the European Court of Justice (CJEU) struck...more
4/1/2022
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Information Commissioner’s Office (ICO) recently released its response to the UK government consultation, ‘Data: A new direction’. The consultation was conducted by the Department for Digital, Culture, Media and Sport...more
12/23/2021
/ Adequacy Requirement ,
Binding Corporate Rules ,
Consultation ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Subject Access Requests ,
Electronic Communications ,
EU ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Risk-Based Approaches ,
Standard Contractual Clauses ,
UK
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
6/14/2021
/ Compliance ,
Corporate Counsel ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Transfers ,
Employee Privacy Rights ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Human Resources Professionals ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
After the political and constitutional upheaval of the last four years that has been Brexit, a trade deal - the EU-UK Trade and Cooperation Agreement - was finally reached between the United Kingdom (UK) and the European...more
1/27/2021
/ Data Privacy ,
EU ,
European Economic Area (EEA) ,
Grace Period ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Member State ,
Privacy Laws ,
Trade Agreements ,
UK ,
UK Brexit
The Court of Justice of the European Union (CJEU) recently declared that the EU-U.S. Privacy Shield is invalid because it does not provide an adequate level of protection for the transfer of personal data from the European...more
On July 16, 2020, the Court of Justice of the European Union (CJEU) announced its judgment in the so-called Schrems II case (Case C-311/18), declaring that the EU-U.S. Privacy Shield is invalid because it does not provide an...more
7/17/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
U.S. Commerce Department
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
With less than six months until the May 25, 2018, effective date for the European Union (EU) General Data Protection Regulation (GDPR), companies are assessing their GDPR readiness and concentrating their compliance efforts...more
On October 18, 2017, the European Commission published its report and supporting documents regarding its first annual review of the EU-U.S. Privacy Shield (Privacy Shield), which sets forth procedures and safeguards for...more
On May 25, 2018, a short 12 months from now, employers must be in full compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) for EU human resources data. The GDPR requirements regarding...more
As employers catch their breaths after an action-packed 2016, they need to gear up for another turbulent year for international data privacy issues in 2017. The top five international data privacy issues follow....more
On January 11, 2017, the Swiss Federal Council and the U.S. International Trade Administration (ITA) announced that the Swiss-U.S. Privacy Shield will replace the U.S.-Swiss Safe Harbor Framework to permit U.S. businesses to...more
On July 12, 2016, the European Commission formally adopted the EU-U.S. Privacy Shield to replace the previously invalidated Safe Harbor Framework as an adequate method of transferring personal data from the European Economic...more
7/14/2016
/ Data Protection Authority ,
Employer Liability Issues ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Privacy Policy ,
Schrems I & Schrems II ,
Self-Certification ,
Standard Contractual Clauses ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On June 24, 2016, the European Commission announced that it had reached a final agreement with the United States on the terms of the EU-U.S. Privacy Shield, which will permit U.S. companies to transfer the personal data of...more
6/28/2016
/ Corporate Counsel ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Popular ,
Surveillance ,
UK ,
UK Brexit ,
Young Lawyers
On February 29, 2016, the European Commission (EC) and U.S. Department of Commerce (DOC) published a series of documents providing details for the implementation of the new EU-US Privacy Shield framework for the transfer of...more
3/7/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Ombudsman ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
On February 3, 2016, the Article 29 Working Party, the EU body representing the data protection authorities (DPA) of each EU member country, announced that all of the DPAs across the EU have agreed to extend the current...more
2/5/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Moratorium ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On February 2, 2016, in a meeting conducted in Brussels, the European Commission and the United States agreed on a new framework for transatlantic data flows. With all the negative connotations surrounding it, the name “Safe...more
After four years of debate and a year of uncertainty over the future of data transfers from the European Union (EU) to the United States, this week has seen a historic move towards finalizing new legislation to govern data...more
Citing the European Court of Justice’s (ECJ) October 6, 2015 decision in Schrems v. Data Protection Commissioner, which invalidated the EU Commission’s Safe Harbor decision, the Israeli Law, Information and Technology...more
On October 14, 2015, the data protection commissioner from the German state of Schleswig-Holstein issued a position paper declaring that the use of model contract clauses by U.S. companies and European employees’ consent to...more
On October 6, 2015, the European Court of Justice (ECJ) issued its much-anticipated decision in Schrems v. Data Protection Commissioner, Case C-362/14. The case considered the viability of the U.S.-EU Safe Harbor Framework,...more
On October 6, 2015, the European Court of Justice (ECJ) will issue its decision in Schrems v. Data Protection Commissioner, Case C-362/14, which may invalidate the U.S.-EU Safe Harbor Framework. The Safe Harbor Framework...more