EU GDPR Archives

In Data Privacy

Reconciling US Export Control Law and Swedish Privacy Law

February 21, 2020 by Helena Engfeldt and Jennie Nilsson 1 Min Read

Multinational organizations subject to privacy laws, such as the EU General Data Protection Regulation, are sometimes also subject to seemingly conflicting trade law. One area of US trade law requires that before exporting certain products or technologies, companies screen against US sanctions lists to prevent the goods from being available to states or individuals deemed bad actors. The lists often contain sensitive information, including personal data relating to suspected or confirmed criminal liability. Click here…

In Data Privacy

Schrems II: The Data Importer Perspective

February 19, 2020 by Francesca Gaudino and Valeria Benedetti del Rio 5 Mins Read

Following our previous analysis of the consequences of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case, from the data exporter perspective (available here), we now focus on the implications of the same with respect to the position of the data importer. Indeed, in the following paragraphs, we will turn our attention to the content of the Controller to Processor Standard Contractual Clauses (SCC) and, in particular, to some…

In Data Privacy

Schrems II: The Data Exporter Perspective

February 12, 2020 by Francesca Gaudino and Valeria Benedetti del Rio 4 Mins Read

In this blog post we further analyse the impacts of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case. We will focus, more specifically, on what it means for data exporters and what consequences there may be for them, if the decision of Court of Justice of the European Union (CJEU) on the case is consistent with the a.g’s opinion. Data importers will be the focus of another post,…

In Data Privacy

Brexit Implications on Privacy Shield and Data Transfers

February 10, 2020 by Brian Hengesbaugh and Harry Valetk 3 Mins Read

On midnight January 31, 2020, the United Kingdom’s law formally governing its exit from the European Union went into effect. From a data protection perspective, however, Brexit has not resulted in any changes in law. In fact, The EU Withdrawal Agreement implements a transition period to resolve post Brexit concerns and other formalities through December 31, 2020. During that time period, most EU law (including GDPR) will continue to apply, and, presumably, the UK will…

In Data Privacy

Podcast Episode 09: Post-Brexit Data Protection Considerations

February 3, 2020 by Brian Hengesbaugh and Benjamin Slinn 1 Min Read

In this episode, your host Brian Hengesbaugh is joined by Benjamin Slinn, a senior associate in our London office, to discuss how data protection may look in a post-Brexit Europe. In this episode, you will learn about: What to expect during the transition period, which lasts until December 31, 2020Potential changes in international data transfers after the transition period expiresPractical steps from a data protection perspective that companies should consider taking to prepare for the end…

In Data Privacy

Data Protection and Brexit

January 30, 2020 by Benjamin Slinn and Joanna De Fonseka 6 Mins Read

After January 31, 2020 the UK ceases to be a Member State of the European Union and, under the terms of the Withdrawal Agreement agreed between the UK and the EU-27, a transition period applies until December 31, 2020. From a data protection perspective, this has a number of implications. We have summarised the key points below, including what happens after the UK leaves the EU on January 31, the implications for international data transfers,…

In Data Privacy

Podcast Episode 08: Key Aspects of EDPB Guidelines on the Territorial Scope of GDPR

January 30, 2020 by Brian Hengesbaugh and Michaela Nebel 1 Min Read

In this Connect on Tech Episode, Brian Hengesbaugh and <ichaela Nebel focus on new EDPB guidelines on the territorial scope of application of GDPR.

In Data Privacy

FTC Fines Five Companies for Falsely Claiming Privacy Shield Certification

January 24, 2020 by Harry Valetk and Brian Hengesbaugh 2 Mins Read

The Federal Trade Commission (FTC) finalized settlements with five companies for claiming EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield certification. Those companies included organizations focused on providing workforce solutions, collaboration platforms, artificial intelligence analytics, clinical trial management, and other IT providers. The actions In each case, the FTC alleged that each company wrongfully claimed current certification under either the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield. Both frameworks establish a mechanism for companies to legally…

In Data Privacy

Binding Corporate Rules: An Attractive Inter-Company Data Transfer Vehicle and More

January 23, 2020 by Wouter Seinen and Andre Walter 4 Mins Read

At the doorstep of 2020, advocate general Hendrik Saugmandsgaard Øe (a.g.) rendered his opinion in the so called “Schrems II case” and opined on how European Court of Justice should deal with the GDPR’s regime for international data transfers. See here for a summary on the Schrems II case. In a series of blogs, we further elaborate on the consequences of that opinion and the impact it may have on the current international data transfer…

In Data Privacy

Podcast Episode 07: Breach Notification in Austria Under GDPR

January 21, 2020 by Brian Hengesbaugh and Dr Lukas Feiler 1 Min Read

Joining host Brian Hengesbaugh this episode is Dr. Lukas Feiler, a partner in Baker McKenzie’s Vienna office. Brian and Lukas discuss breach notification in Austria under the European Union’s General Data Protection Regulation (GDPR). Specifically, how to deal with the 72-hour requirement and some of the related strategic decisions. In this episode, you will learn about: What happens when Austrian data protection authorities follow up on a data breach notificationWhether having a “file early, file…