NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission...more
Pathways for U.S. companies to transfer personal data out of the European Union have been repeatedly blocked by EU authorities concerned by what they perceive as gaps in data protection under U.S. laws. Schrems I invalidated...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons. The Department recently issued a set of FAQs,...more
EDPB and data protection authorities’ views and statements on the “Schrems II”- decision by the CJEU - On 16 July, 2020, the European Court of Justice (“CJEU“) passed a decision invalidating the EU-US Privacy Shield and...more
If you transfer data from the EU to the US, or if your trusted service providers do, the Schrems II European Court decision1 has seismic significance - even if you do not rely on Privacy Shield. On July 16, 2020, the Court...more
As discussed in an earlier alert, the Court of Justice of the European Union in a landmark decision in the Schrems II case invalidated the EU-US Privacy Shield framework, which was widely used by thousands of US organizations...more
Does your organization transfer personal data from the European Union to the US? If so, keep an eye out for a key decision on July 16 from the EU’s top court, the Court of Justice of the European Union. The Schrems II case...more
Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party (Working Party) of EU data protection regulators has issued its own report...more
In the United States companies are permitted to transfer personal information – including sensitive personal information – as needed between their offices, locations, and corporate affiliates. For example there are no...more
On April 13, 2016, the body of European Data Protection Authorities (DPAs)—the "Article 29 Working Party" (WP29)—issued its opinion on the new EU-U.S. Privacy Shield.1 The WP29 acknowledged that progress has been made with...more
There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially...more
On December 15, 2015, the European Union reached an agreement on the final text of the new General Data Protection Regulation. The Regulation will replace the 1995 Data Protection Directive, which is currently the basis for...more
On November 6, 2015, one month after the European Court of Justice decision that invalidated the Safe Harbor framework, the European Commission (the “Commission”) issued a Communication setting forth its position on...more
On October 6, 2015, the European Court of Justice (CJEU) invalidated the US-EU Safe Harbor framework, effective immediately. This momentous decision jeopardizes the continued flow of data from Europe to the US. As the Safe...more
Does your company rely on Safe Harbor to transfer personal data from Europe to the US? If so, it’s time to think about alternatives to Safe Harbor – and fast....more