While it’s making few headlines, the European Commission is still working to finalize Privacy Shield, and it’s even possible that Privacy Shield will pass a key hurdle by the end of this month. The Commission is still...more
Carrie,
A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded. Well, we hit a...more
6/2/2016
/ Breach Notification Rule ,
Customer Lists ,
Data Breach ,
Data Security ,
Employer Liability Issues ,
Encryption ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Laptop Computers ,
Personal Data ,
UK
We now have a precise date for the European Union’s General Data Protection Regulation to go into effect: May 25, 2018. ...more
UPDATE: The Article 29 Working Party has released surprisingly brief comments on Privacy Shield. Consistent with the press briefing held on April 13, 2016, WP29 has concluded that Privacy Shield falls short without providing...more
Now that the EU Commission has published the complete version of its draft decision adopting the EU-US Privacy Shield program, it’s time for the key reviewers to dig in. I don’t mean the lawyers, or EU privacy advocates, or...more
The European Commission has finally made the draft text of the EU-US Privacy Shield program available... The Privacy Shield program, which was agreed to in principle by US and EU negotiators nearly four weeks ago, will...more
The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law. The Act, which we covered in an earlier blog post, gives citizens of foreign countries the same rights as US...more
The US Senate passed the amended version of the Judicial Redress Act on February 9. The amendments, which tie the Umbrella Agreement to Safe Harbor 2.0 (now dubbed the US-EU “Privacy Shield”), now go back to the House for...more
As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data. One interesting question is whether the new rules on consent will kill free apps in Europe. Free apps...more
The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the “Privacy Shield.” The new accord still needs to be reviewed by the Article 29 Working...more
2/4/2016
/ EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
National Security ,
Ombudsman ,
Personal Data ,
Schrems I & Schrems II ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
No news is not good news this time. The January 31 deadline for getting a new Safe Harbor Agreement in place came and went last weekend. Commissioner Jourova, who is leading the Safe Harbor 2.0 negotiations for the EU,...more
One of the fascinating aspects of the privacy-related negotiations between the EU and the US over the past couple of years has been the EU’s efforts to decouple trade (e.g, TTIP) and security-related negotiations from the...more
There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially...more
1/29/2016
/ Binding Corporate Rules ,
Corporate Counsel ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework ,
Young Lawyers
The European Court of Human Rights recently ruled in Barbulescu v. Romania (Application no. 61496/08) that a Romanian employer did not violate its employee’s fundamental right of privacy when the employer accessed personal...more
As expected, on December 17, 2015, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted to adopt the new General Data Protection Regulation. A LIBE press release announced the...more
The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15. One might assume based on UK media coverage that the biggest change in EU privacy law is that kids...more
The EU has announced that the Commission, Parliament and Council have reached agreement on the final shape of the General Data Protection Regulation. The official version will be available early in 2016, but we will be...more
EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a...more
10/28/2015
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Enforcement ,
EU ,
EU Data Protection Laws ,
European Commission ,
Facebook ,
Germany ,
Google ,
International Data Transfers ,
LIBE ,
Model Contracts ,
National Security Agency (NSA) ,
Personal Data ,
SCC ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework
The EU Parliament committee that is charged with considering data protection matters (LIBE) has issued a press release calling on the European Commission to take action before the end of 2015 to come up with alternatives to...more
10/14/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
LIBE ,
National Security Agency (NSA) ,
Personal Data ,
Prior Express Consent ,
SCC ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework
As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at curia.europa.eu by searching on...more
10/6/2015
/ Binding Corporate Rules ,
Data Controller ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Prior Express Consent ,
US-EU Safe Harbor Framework
The initial reports of the ECJ’s decision in the Schrems Safe Harbor case (C-362/14) indicate that the Court of Justice of the EU has declared Safe Harbor invalid and sent the case back to the Irish Data Protection Authority...more
10/6/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
Prior Express Consent ,
PRISM Program ,
UK ,
US-EU Safe Harbor Framework
The European Court of Justice (ECJ) has announced that it will release its decision in the Schrems Safe Harbor case on Tuesday, October 6. It is highly unusual for the ECJ to issue a decision so quickly after publication of...more
Does your company rely on Safe Harbor to transfer personal data from Europe to the US? If so, it’s time to think about alternatives to Safe Harbor – and fast....more
9/23/2015
/ Binding Corporate Rules ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Informed Consent ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Personally Identifiable Information ,
UK ,
US-EU Safe Harbor Framework ,
Young Lawyers
Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), recently announced the formation of a new external Ethics Board that will do a deep dive into the complex ethical issues that surround the use of personal...more
As EU data protection watchers know, the draft General Data Protection Regulation (which has been around long enough to be universally referred to by its acronym, GDPR) exists in three major versions, with a fourth version...more