Compliance Perspectives: The End of the Privacy Shield
Nota Bene Episode 89: European Q3 Check In - Merger Clearance and Data Protection Court Rulings and Brexit Updates with Oliver Heinisch
Cloud-based HR systems have become standard for multinational businesses, driving efficiency but also increasing compliance and privacy risks. Indeed, a recent Workday case, which originated in Germany, has clarified the...more
In this Essential Guide, which is part of Orrick’s Cybersecurity & Privacy Compass Series, we will provide insight into the potential fines that companies may face for violating the General Data Protection Regulation...more
On July 10, 2023, the European Commission adopted its adequacy decision on data transfers for the EU-U.S. (European Union/United States) Data Privacy Framework (DPF). The adequacy decision concluded that the United States...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities. It also establishes a redress mechanism for residents of qualifying states who...more
On 13 January 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued an important opinion in the case of Facebook Belgium v Gegevensbeschermingsautoriteit (C-645/19) which considers the...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal...more
On October 14, 2020, the French Administrative Supreme Court (Conseil d’Etat) published its decision in a lawsuit requesting that the French health data platform (Health Data Hub) be suspended for breach of the GDPR in light...more
Will the EU finally deny the right to transfer any personal data from its shores to the United States? Its privacy decisions have been inching closer to this determination for years, and an Irish case against Facebook may tip...more
Barely one month after the Court of Justice of the European Union (CJEU) issued its Schrems II decision striking down the EU-U.S. Privacy Shield Framework (Privacy Shield), Austrian privacy activist Max Schrems has filed 101...more
Schrems II may force companies obligated to produce EU personal data to the task of determining whether to comply with US discovery obligation rules that risk fines under the GDPR for illegal data transfers or to defy the US...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
The Court of Justice of the European Union (“CJEU”), on July 16, 2020, invalidated the European Union-U.S. Privacy Shield Framework (“Privacy Shield”), which more than 5,300 U.S. organizations had relied on to lawfully...more
The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...more
Facebook is at the center of the “Schrems” case, which exposed contradictions between U.S. and EU data privacy rules and toppled the U.S./EU Safe Harbor (Schrems I). In Schrems II, Austrian Max Schrems challenges the adequacy...more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the California attorney general's draft regulations on the California Consumer Privacy Act, the CJEU's clarified rulings on the use of cookies, the...more
In this month's edition of our Privacy & Cybersecurity Update, we examine five amendments to the California Consumer Privacy Act, the EU Court of Justice's rulings on the "Right to Be Forgotten" and what qualifies as a joint...more
The Paris office of Hogan Lovells is pleased to provide this English language edition of our monthly e - newsletter, which offers a legal and regulatory update covering France and Europe for April 2018. ...more
On 21 March 2019, an advocate general (AG) of the Court of Justice of the European Union (CJEU) delivered an opinion that sheds light on key issues related to websites’ use of cookies — data packets that can be used by...more
On November 23, the European Data Protection Board released guidelines for public comment (the “Guidelines”) on the territorial scope of the General Data Protection Regulation (“GDPR”). Specifically, the Guidelines address...more
Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party (Working Party) of EU data protection regulators has issued its own report...more
On October 18, 2017, the European Commission issued its report on the first annual review of the EU- U.S. Privacy Shield, aimed at allowing personal data transfer from the EU to the U.S. through the implementation of a data...more
The long-running legal challenge on the validity of transfers of personal data from the European Union reached another milestone last week. On October 3, the Irish High Court referred questions on the validity of EU Standard...more