Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
12/16/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Processors ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Failure to Comply ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Treaty on the Functioning of the European Union (TFEU)
Just days after the European Union’s widely-discussed new data privacy regulations, the General Data Protection Regulation (“GDPR”), took effect on May 25, 2018, another EU-wide legal change quietly occurred. ...more
6/21/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Directive on Trade Secrets ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Trade Secrets
January 10, 2017 marked another important step towards reform of the EU data protection framework, with the release of the EU Commission’s proposals for a new Regulation governing privacy and electronic...more
1/18/2017
/ Consent ,
Cookies ,
Data Protection ,
Direct Marketing ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Internet of Things ,
Telecommunications
According to a press release of the Data Protection Supervisory Authority in the Land Mecklenburg Vorpommern of November 3, German supervisory authorities have randomly selected 500 companies in Germany and sent them requests...more
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more
As of, August 1st, 2016, U.S. companies can now join the Safe Harbor successor EU-U.S. Privacy Shield (the “Privacy Shield”) for personal data transfers from the EU to the U.S.
This post gives a high level summary of...more
8/2/2016
/ Certification Requirements ,
Data Protection ,
Data-Sharing ,
Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Interstate Commerce ,
Personal Data ,
Self-Certification ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
After receiving the approval of the EU Member States, through the Article 31 Committee, last Friday, the European Commission has today, July 12th, 2016, formally adopted the Adequacy Decision necessary to implement the...more
While EU regulators determine whether to adopt a new agreement for transfers of personal data from Europe to the United States to replace the invalid EU-U.S. Safe Harbor Framework, German data protection authorities have not...more
5/11/2016
/ Corporate Counsel ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
Germany ,
International Data Transfers ,
Personal Data ,
Popular ,
US-EU Safe Harbor Framework
The Düsseldorfer Kreis, a committee made up of representatives of German data protection authorities, recently published guidance on the requirements for obtaining valid consent to the collection, processing and use of...more
5/4/2016
/ Consent ,
Data Collection ,
Data Protection Authority ,
Disclosure Requirements ,
EU ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
New Guidance ,
Opt-In ,
Opt-Outs ,
Personal Data
After 4 years of negotiation, today the European Parliament adopted the General Data Protection Regulation (“GDPR“). In doing so, it signaled the end of the EU approval process and put businesses on alert that they now have...more
Bad news for companies relying on transatlantic data flows as, once again, the transfer of personal data from Europe to the United States is called into question by the Article 29 Working Party (the “Working Party”), an...more
On 29 February 2016 the European Commission issued the legal texts of the EU-U.S Privacy Shield which aims to replace the defunct EU-U.S Safe Harbor Framework as a legitimate mechanism for transferring personal data from the...more
The European Commission has announced that it has reached a deal to replace the EU-US Safe Harbor framework that was declared invalid last year by the Court of Justice of the European Union (“ECJ”). Heralded as the EU-US...more
Last Friday (6 November 2015) the EU Commission issued a communication on the transfer of personal data from the EU to the US under the Data Protection Directive following the judgment by the Court of Justice in the Schrems...more
Yesterday, German federal and state (Länder) data protection authorities ("DPAs") issued a Position Paper following the recent Court of Justice of the European Union ("CJEU") ruling that struck down the EU-US Safe Harbor...more
10/27/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Cloud Computing ,
Cybersecurity ,
Data Privacy ,
Data Protection Authority ,
European Commission ,
European Court of Justice (ECJ) ,
Germany ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
US-EU Safe Harbor Framework
The European Court of Justice’s (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
10/20/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Compliance ,
Cybersecurity ,
Data Protection Authority ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
The European Court of Justice's (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
1. CJEU finds Safe Harbor Invalid -
In a landmark ruling delivered today, Europe's highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission's US - EU Safe Harbour regime is...more
10/7/2015
/ Cloud Computing ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Due Diligence ,
EU ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Concerns ,
Privacy Policy ,
Safe Harbors ,
US-EU Safe Harbor Framework ,
Young Lawyers
Thousands of U.S. and European companies who rely on the EU–US Safe Harbor Framework to permit the transfer of personal data from the EU to the U.S., have come a step closer to seeing the transfer mechanism struck down....more
10/1/2015
/ Advocate General ,
Cloud Computing ,
Compliance ,
Cross-Border ,
Data Loss Prevention ,
Data Protection ,
Data Security ,
Data Transfers ,
Dispute Resolution ,
Edward Snowden ,
Email ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
US-EU Safe Harbor Framework
Recent enforcement actions by the Bavarian Data Protection Authority (DPA) [Bayerisches Landesamt für Datenschutzaufsicht] highlight the importance of severe restrictions placed on the transfer of such data, even in the...more
8/29/2015
/ Acquisitions ,
Advertising ,
Buyers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Due Diligence ,
EU Data Protection Laws ,
Germany ,
International Data Transfers ,
Mergers ,
Personal Data ,
Prior Express Consent ,
Sellers ,
Unfair or Deceptive Trade Practices
On May 29, 2015, the Federal Trade Commission ("FTC") announced the approval of the final orders for two U.S. companies, TES Franchising, LLC ("TES") and American International Mailing, Inc. ("AIM"), settling complaints that...more
6/22/2015
/ Arbitration ,
Binding Corporate Rules ,
Compliance ,
Data Protection ,
Dispute Resolution ,
EU ,
Federal Trade Commission (FTC) ,
Germany ,
International Data Transfers ,
Mediation ,
Safe Harbors ,
Section 5 ,
Switzerland ,
U.S. Commerce Department ,
UK ,
Unfair or Deceptive Trade Practices