NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission...more
Parties in the US are allowed broad and liberal discovery of electronically stored information (ESI) relevant and proportional to the claims and defenses in a legal action. When a US-based litigant seeks ESI stored in other...more
Last week started and ended with big announcements in the privacy world. At the end of the week, on August 14th, the regulations implementing the California Consumer Privacy Act of 2018 (CCPA) were finally declared final -...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons. The Department recently issued a set of FAQs,...more
Still grappling with the aftershocks of the Schrems II decision from the CJEU on July 16 (we previously discussed the Schrems II decision here), the European Data Protection Board (“EDPB”) has issued a Frequently Asked...more
In our Schrems II Practical Guidance special reports, members of McDermott’s internationally recognized Global Privacy & Cybersecurity group have outlined practical guidance and next steps to ensure your business is prepared...more
On July 16, 2020, the Court of Justice of the European Union (CJEU) struck down the EU-U.S. Privacy Shield as a valid mechanism for transferring personal data from the European Economic Area (EEA) to the United States...more
We reported in July 2019 that the Court of Justice of the European Union (CJEU) heard a case brought by privacy-rights activist Max Schrems, challenging the validity of Standard Contractual Clauses (SCCs), which are widely...more
Since the referendum to leave the EU rocked the UK in 2016, commentators, privacy personnel, and corporate officers alike have been speculating as to how Brexit will affect Britain’s subjugation to the General Data Protection...more
Beginning on April 12, 2017, U.S. organizations that are subject to the investigatory and enforcement powers of the FTC or the Department of Transportation will be able to self-certify to the newly adopted Swiss–U.S. Privacy...more
Directive 95/46/EC of 24 October 1995 - Articles 25 and 26 - The transfer of personal data to a third country is allowed: ..if the third country ensures an adequate level of protection; the Commission can...more
On 11 September, TeliaSonera and Telenor have abandoned the proposed merger of their business units in Denmark. The contemplated transaction would have resulted in the establishment of a joint venture active in the provision...more
In the weeks since the October 6, 2015, Court of Justice of the European Union decision (“CJEU Decision”) that invalidated the EU-U.S. Safe Harbor framework, companies have been faced with the quandary of establishing legal...more
Last week, the Vienna Higher Regional Court ruled that most of Max Schrems’ claims against Facebook can proceed, including his claim that Facebook improperly allowed his personal information to be shared with the National...more
Yesterday, German federal and state (Länder) data protection authorities ("DPAs") issued a Position Paper following the recent Court of Justice of the European Union ("CJEU") ruling that struck down the EU-US Safe Harbor...more
The European Court of Justice has declared invalid the Safe Harbor data-transfer agreement that has governed EU data flows across the Atlantic for the last 15 years. Thousands of U.S. companies have relied on the Safe Harbor...more
For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the...more
The European Court of Justice’s (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
The European Court of Justice's (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
Earlier this month the Court of Justice of the European Union struck down the EU-U.S. Safe Harbor Framework which previously provided U.S. companies comfort in that they could follow the framework and know they were not...more
As we discussed in our blog post last week, on October 6, 2015, the Court of Justice of the European Union issued a judgment that invalidated the EU-U.S. Safe Harbor Framework. For the past 15 years, thousands of companies...more
On October 6, 2015, the Court of Justice of the European Union (CJEU) issued a highly anticipated judgment that has the potential to impact how thousands of companies transfer data from the EU to the United States. The...more
The Court of Justice of the European Union (CJEU) has held that the EU Commission's decision establishing the Safe Harbor data transfer framework is invalid because the Commission failed to determine that the protection...more
The European Court of Justice (ECJ) has struck down the 15-year-old “Safe Harbor” agreement that permitted companies operating in Europe to transmit personal user data to the United States, as long as the U.S. ensures an...more