Tag

Safe Harbor

Browsing

As of August 1, 2016, U.S. companies can now self-certify compliance to the EU-U.S. Privacy Shield (“Privacy Shield”) to the U.S. Department of Commerce (see https://www.privacyshield.gov/welcome). Privacy Shield is a new legal mechanism that provides “adequate protection” within the meaning of EU data protection laws for transatlantic data flows to the United States. Privacy Shield replaces the U.S.-EU Safe Harbor Arrangement (“Safe Harbor”) as a key mechanism for EU to U.S. data transfers, as the…

The Data Protection Authority (“DPA”) of Hamburg, one of 16 German State DPAs, has issued fines against three companies for failing to implement alternative data transfer mechanisms following the invalidation of the European Commission Safe Harbor adequacy decision in October 2015. The fines range from EUR 8,000 to EUR 11,000 for each company.This is the most high-profile example of a DPA taking action against companies for continuing to transfer personal data from Europe to the…

The Working Party of European Union Data Protection Authorities (“WP29”) recently issued its opinion on the draft EU-U.S. Privacy Shield Adequacy Decision (“Privacy Shield”). As part of the internal EU “comitology” review process for Privacy Shield, WP29 provides a non-binding, yet influential, opinion to the European Commission and Art. 31 Committee ̶ the bodies that will each need to approve Privacy Shield.What Does The WP29 Opinion Mean For Organizations?Given its role as the champion of privacy…

On 25 May 2016, the Irish Data Protection Commissioner (“IDPC”) announced that it would be seeking a judgment from the Court of Justice of the European Union (“CJEU”) on the legal status of the EU Standard Contractual Model Clauses (“EU Model Clauses”) for cross-border data transfers. This development further increases the uncertainty around permissible means of transferring personal data from the EU to the US. Last year, the CJEU declared the EU-US Safe Harbour Framework “inadequate”…

With the year drawing to a close, it seems an opportune time to take stock of some of the key globally relevant data protection developments in 2015 and extract a few trends which are set to continue in 2016.1. Safe Harbor – Cross-border Data Transfers Top The Regulator Priority ListThe Schrems decision of the European Court of Justice invalidating the European Commission’s 2000 Safe Harbor adequacy decision must be the 2015 event that shook up…

On 6 November 2015, the EU Commission issued a communication addressed to the EU Parliament and EU Council with the aim of providing an overview of alternative tools for transatlantic data transfers and to further explain the consequences of the Schrems judgment of the Court of Justice of the European Union (“CJEU”) of 6 October 2015 (C‑362/14).The guidance begins by acknowledging the growing industry concerns about data transfers in light of the Schrems judgment and…

On October 22, 2015, the Czech Data Protection Authority (DPA) sent out letters to companies which are registered as data controllers with the DPA. The letter is essentially a notice to inform such Czech companies about the invalidation of Safe Harbor.RecommendationsThe DPA recommends using EU Model Clauses or BCRs instead for data transfers to third countries. The letter does not require companies to respond to it nor does it stipulate a specific timeline to take…

On 23 October 2015, the Portuguese Data Protection Authority (the “CNPD”) issued a statement (available in Portuguese only) outlining its position on transfers of personal data to the U.S. following the Schrems judgement. Businesses that are subject to Portuguese data protection law and engage in transatlantic data transfers would be prudent to assess and adapt those data transfers in light of the statement.What Does The CNPD Say?The CNPD makes the following key statements:Data flows under…

As the EU body leading the Safe Harbor 2.0 negotiations with the U.S. government, the EU Commission plays a crucial role in the current debate about data transfers from the EU to the U.S. On 26 October, 2015, during her speech to the LIBE Committee of the EU Parliament, Vera Jourová (the EU Commissioner responsible for data protection) provided some important insights into the progress of, and requirements for, Safe Harbour 2.0. Jourová also emphasised the…

On 20 October 2015, the U.S. House of Representatives unanimously passed the Judicial Redress Act (the “Act”) which now awaits approval by the U.S. Senate. The Act is a critical piece in rebuilding the EU/U.S. data transfer puzzle, which broke into pieces last month when the European Union Court of Justice (the “CJEU”) ruled the European Commission Safe Harbor decision invalid. What Is the Act About?Currently, individuals that are not U.S. citizens or permanent residents have…