U.S. organizations should carefully review and ensure their privacy and cybersecurity practices comply with a wide-ranging new federal rule establishing data transfer restrictions regarding sensitive U.S. personal data. The...more
President Trump recently fired the three democrats on the Privacy and Civil Liberties Oversight Board (PCLOB). Since these firings bring the Board to a sub-quorum level, they have the potential to significantly disrupt...more
2/3/2025
/ Civil Liberties ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Hiring & Firing ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Privacy Laws ,
Regulatory Requirements ,
Trump Administration
The Swiss Federal Council has added the U.S. to the list of countries with an adequate level of data protection. Effective September 15, 2024, U.S. organizations that certify to the Swiss–U.S. Data Privacy Framework (DPF) can...more
Effective July 10, 2023, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) replaced the invalidated EU-U.S. Privacy Shield framework (“Privacy Shield”). Participating U.S. organizations can now receive personal data...more
10/2/2023
/ Data Privacy ,
DPA ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Swiss Privacy Shield ,
UK
June 9th marked the deadline for financial institutions, including certain non-banking institutions that collect or maintain sensitive customer information (e.g., car dealerships), to implement a comprehensive information...more
6/15/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Breach Notification Rule ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Employee Training ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
International Data Transfers ,
Personal Information ,
Solicitation
In July 2020, the Court of Justice of the European Union (CJEU) declared the EU-U.S. Privacy Shield invalid. The EU-U.S. Privacy Shield program was designed to provide European Economic Area (EEA) data transferred to the U.S....more
Globalization, compliance, and the growth in outsourcing have created a myriad of cross-border data transfer scenarios. These scenarios include marketing to and servicing customers, assessing global compliance with diversity...more
The EU Commission is expected to adopt the long awaited updated Standard Contractual Clauses (“SCCs”) on June 4, 2021. In the wake of the Schrems II decision invalidating the EU-U.S. Privacy Shield, the SCCs have played an...more
Businesses are now prohibited from transferring employee personal data from the European Economic Area (EEA) to the U.S. under the EU-U.S. Privacy Shield program. The Court of Justice of the European Union (CJEU) declared the...more
7/28/2020
/ BCRs ,
Cloud Service Providers (CSPs) ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Employee Privacy Rights ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
SCC ,
US-EU Safe Harbor Framework
The EU-U.S. Privacy Shield program is invalid, the Court of Justice of the European Union (CJEU) declared on July 16, 2020, in the matter of Data Protection Commissioner v. Facebook Ireland and Schrems (C-311/18) (Schrems...more