Latest Posts
Search for:
Tag

Safe Harbor

Browsing
In Privacy Shield

Open for Business: The U.S. Department of Commerce Begins Acceptance of Certifications to the EU-U.S. Privacy Shield

by 5 Mins Read

As of August 1, 2016, U.S. companies can now self-certify compliance to the EU-U.S. Privacy Shield (“Privacy Shield”) to the U.S. Department of Commerce (see https://www.privacyshield.gov/welcome). Privacy Shield is a new legal mechanism that provides “adequate protection” within the meaning of EU data protection laws for transatlantic data flows to the United States. Privacy Shield replaces the U.S.-EU Safe Harbor Arrangement (“Safe Harbor”) as a key mechanism for EU to U.S. data transfers, as the…

In Privacy Shield

Article 31 Committee Approves EU-U.S. Privacy Shield

by 3 Mins Read

On July 8, 2016, EU Member State representatives on the Article 31 Committee approved the EU-U.S. Privacy Shield (“Privacy Shield”), paving the way for the European Commission to formally adopt an adequacy decision for this critical trans-border data flow arrangement. Once adopted, the Privacy Shield will serve as a new legal mechanism for transatlantic personal data flows.Privacy Shield OverviewThe EU Commission issued a draft adequacy decision and related documents in February that contained the legal…

In Data Privacy

German Regulator Imposes First Fines For Illegal Data Transfers To The U.S.

by 2 Mins Read

The Data Protection Authority (“DPA”) of Hamburg, one of 16 German State DPAs, has issued fines against three companies for failing to implement alternative data transfer mechanisms following the invalidation of the European Commission Safe Harbor adequacy decision in October 2015. The fines range from EUR 8,000 to EUR 11,000 for each company.This is the most high-profile example of a DPA taking action against companies for continuing to transfer personal data from Europe to the…

In Privacy Shield

What Does the WP29 Opinion Mean for the EU-U.S. Privacy Shield?

by 3 Mins Read

The Working Party of European Union Data Protection Authorities (“WP29”) recently issued its opinion on the draft EU-U.S. Privacy Shield Adequacy Decision (“Privacy Shield”). As part of the internal EU “comitology” review process for Privacy Shield, WP29 provides a non-binding, yet influential, opinion to the European Commission and Art. 31 Committee ̶ the bodies that will each need to approve Privacy Shield.What Does The WP29 Opinion Mean For Organizations?Given its role as the champion of privacy…

In EU GDPR

EU Model Clauses in Jeopardy

by 4 Mins Read

On 25 May 2016, the Irish Data Protection Commissioner (“IDPC”) announced that it would be seeking a judgment from the Court of Justice of the European Union (“CJEU”) on the legal status of the EU Standard Contractual Model Clauses (“EU Model Clauses”) for cross-border data transfers. This development further increases the uncertainty around permissible means of transferring personal data from the EU to the US. Last year, the CJEU declared the EU-US Safe Harbour Framework “inadequate”…

In Privacy Shield

EU-U.S. Privacy Shield Unveiled

by 4 Mins Read

On February 29, 2016, the European Commission published a draft adequacy decision and related documents intended to implement the EU-U.S. Privacy Shield. Upon adoption (anticipated for June 2016), the Privacy Shield will serve as a new legal mechanism for transatlantic data flows replacing the U.S.-EU Safe Harbor Framework. We have provided a brief review below, and a more detailed analysis is available here.Self-Certification ProcessLike Safe Harbor, the Privacy Shield will function through a self-certification process…

In Data Privacy

End-of-Year Review

by 4 Mins Read

With the year drawing to a close, it seems an opportune time to take stock of some of the key globally relevant data protection developments in 2015 and extract a few trends which are set to continue in 2016.1. Safe Harbor – Cross-border Data Transfers Top The Regulator Priority ListThe Schrems decision of the European Court of Justice invalidating the European Commission’s 2000 Safe Harbor adequacy decision must be the 2015 event that shook up…

In Privacy Shield

EU Commission Issues Guidance on Personal Data Transfers from EU to U.S.

by 7 Mins Read

On 6 November 2015, the EU Commission issued a communication addressed to the EU Parliament and EU Council with the aim of providing an overview of alternative tools for transatlantic data transfers and to further explain the consequences of the Schrems judgment of the Court of Justice of the European Union (“CJEU”) of 6 October 2015 (C‑362/14).The guidance begins by acknowledging the growing industry concerns about data transfers in light of the Schrems judgment and…

In Privacy Shield

Czech DPA: EU Model Clauses A Valid Safe Harbor Alternative

by 1 Min Read

On October 22, 2015, the Czech Data Protection Authority (DPA) sent out letters to companies which are registered as data controllers with the DPA. The letter is essentially a notice to inform such Czech companies about the invalidation of Safe Harbor.RecommendationsThe DPA recommends using EU Model Clauses or BCRs instead for data transfers to third countries. The letter does not require companies to respond to it nor does it stipulate a specific timeline to take…

In Privacy Shield

Portuguese DPA Statement On Transatlantic Data Transfers

by 3 Mins Read

On 23 October 2015, the Portuguese Data Protection Authority (the “CNPD”) issued a statement (available in Portuguese only) outlining its position on transfers of personal data to the U.S. following the Schrems judgement. Businesses that are subject to Portuguese data protection law and engage in transatlantic data transfers would be prudent to assess and adapt those data transfers in light of the statement.What Does The CNPD Say?The CNPD makes the following key statements:Data flows under…

Load More