With the August 1st start of the Privacy Shield, the European Commission’s new and long-awaited transatlantic data transfer agreement with the U.S., businesses that had previously relied on the invalidated Safe Harbor scheme...more
8/16/2016
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Protection Authority ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Contracts ,
Personal Data ,
U.S. Commerce Department ,
US Department of State ,
US-EU Safe Harbor Framework
If you operate a website which does business with consumers based in the European Union, read on.
In the recent case, Verein für Konsumenteninformation v Amazon EU Sàrl (28 July 2016), brought by Austrian consumer...more
The final text of the significant new EU General Data Protection Regulation (GDPR) has now been published (4 May 2016) in the Official Journal of the European Union. This means the clock is now ticking for the sweeping new...more
On February 2, 2016, the European Commission and the U.S. Department of Commerce reached an accord on a new transatlantic data transfer protocol. Nicknamed the EU-U.S. Privacy Shield, the framework would replace the...more
European Union officials finally reached agreement this week on a new European data protection regulation (Regulation) that will essentially tear up existing European laws, introduce a brand new statutory regime and...more
The Court of Justice of the European Union (CJEU) has been very busy in recent weeks re-shaping EU privacy laws. In addition to the much-anticipated decision in “Schrems” (Case C-362/14), which essentially rules the US-EU...more
10/29/2015
/ Compliance ,
Cybersecurity ,
Data Protection ,
Debt Collection ,
European Commission ,
European Court of Justice (ECJ) ,
Hungary ,
International Data Transfers ,
Member State ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Sanctions ,
US-EU Safe Harbor Framework
Europe’s top court ruled that U.S. companies relying upon the “Safe Harbor Framework” data sharing regime to maintain information regarding EU citizens is “invalid.” This means that any company relying upon the Safe Harbor...more
10/8/2015
/ Binding Corporate Rules ,
Data Protection ,
European Court of Justice (ECJ) ,
International Data Transfers ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
PRISM Program ,
Privacy Policy ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
Given London’s role in international business and finance, the UK Bribery Act 2010 promised to form a potential strong counterpart to the U.S. Foreign Corrupt Practices Act (FCPA). Now, the UK government is taking steps which...more
Given the range of threats and the catastrophic impact an attack could have on an airline, strategizing to reduce the risk of breaches and implementing plans to deal with them once they occur should be prioritized at board...more
A recent survey of over 1,200 of the top mobile apps in 19 countries by the Global Privacy Enforcement Network ("GPEN") has found that 85% of the apps reviewed were non-compliant, failing to provide even the most basic...more
The European data protection authorities will be conducting a “cookie sweep” later this month, carrying out random spot checks on websites to assess for compliance with EU “cookie” laws. Businesses should therefore be...more
When precisely is a data controller lawfully permitted to process personal data?
If a data controller does not have the consent of a data subject to process his or her data, when does the “legitimate interest”...more
Much has been said about the EU "Cookie" laws introduced by an amendment to the Privacy and Electronic Communications Directive in 2011. Companies with European customers (including those in the US) have grappled with the...more
It is difficult to recall a time when the issue of personal data transfers from the European Economic Area ("EEA") has been as widely and hotly debated as it has over the past year or so. Significant movements during the past...more
Whilst regulatory action by the U.K. Information Commissioner’s Of?ce (‘‘ICO’’) is relatively commonplace and well reported following data breaches, particularly since the ICO was granted powers to issue on the spot ?nes for...more
11/20/2013
It has been said for some time that data is the new oil, but many global organizations continue to struggle to comply with regulatory requirements when it comes to the exploitation of this valuable resource....more
What exactly is the '"best" solution for an international business needing to handle and transfer personal data across borders?
This has become an increasingly important and common question as business becomes more...more
5/16/2013
One of the issues that distinguishes U.S. law from English law is the concept of an implied contractual duty of good faith. While U.S. law has embraced this concept, it was believed that English law had not. However, as a...more
In a further push towards “privacy by design,” the Article 29 Working Party, which is made up of representatives from the various EU data protection authorities, has recently approved the use of Binding Corporate Rules...more
On 1 January 2013, over 4 years after the idea was first discussed, new Binding Corporate Rules (BCRs) for data processors were launched following a meeting of European data protection authorities....more