Brian Hengesbaugh is joined by Michaela Nebel to discuss the enforcement of Schrems II, the decision of the Court of Justice of the European Union from last July 2020 where they invalidated the EU-US Privacy Shield with a focus on US government surveillance activities. This podcast looks squarely into enforcement activities in the aftermath of Schrems IIin Germany, and provides insight into the “coordinated audits of international data transfers” announced by various German data protection…
*Article originally posted on IAPP.org* We are all hopeful the U.S. government can reach an agreement with the European Commission and other EU authorities on a so-called “Privacy Shield 2.0” in the near term. Such an updated arrangement is essential to provide certainty to trans-Atlantic business and assure a high level of protection for personal data transfers. But what’s next? Over recent years, we have witnessed the Court of Justice of the European Union invalidate…
In the wake of “Schrems II,” the future of data transfers is on shaky ground. True, the Biden administration has demonstrated that it is taking trans-Atlantic data flows seriously after appointing Christopher Hoff, CIPP/E, CIPP/US, CIPM, in January, not long after Joe Biden was inaugurated. And though both the US Department of Commerce and European Commission are working together in earnest, short of changing its national security laws, what else can be done to prevent another…
Happy Data Protection Day! The 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective and looking ahead to what to expect for 2021. You can jump to specific country…
In its Schrems II judgement of 16 July 2020, the Court of Justice of the European Union (CJEU) invalidated the European Commission’s adequacy decision on the EU-U.S. Privacy Shield. The EU-U.S. Privacy Shield was a data transfer mechanism allowing to transfer personal data from the European Union (EU)/European Economic Area (EEA) to the United States (a so-called third country) in compliance with data protection requirements. The CJEU confirmed that standard contractual clauses (SCCs) remain valid,…
In two decisions on October 6, 2020, the Court of Justice of the European Union (CJEU) has once again provided a strict framework for national surveillance laws applicable to electronic communications and online service providers, and the investigative and intelligence measures related thereto. This is the second time since July (C-311/18, “Schrems II” which has invalidated the “Privacy Shield” due to the inadequacies of the US law) that the CJEU has ruled on these issues.…
In response to the July 16, 2020 Schrems II ruling from the European Court of Justice, the US Department of Commerce has issued a formal “Standard Contractual Clauses” White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data. Government data access safeguards post-Schrems II Following the Schrems II ruling, organizations that…
On 16 July 2020, the European Court of Justice (“ECJ”) ruled that the EU Commission’s 2016 decision regarding the adequacy of data protection in the United States and the EU-US Privacy Shield (“Privacy Shield”)* are invalid. As a result, companies in the EU and United States relying on the Privacy Shield program are scrambling to determine the impact on their operations. Many US companies grant share-based awards to employees of their subsidiaries in the EU…
The Court of Justice of the EU issued its judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximilian Schrems on 16 July 2020. This decision has implications on the wider issue of regulation of international data transfers and, by extension, the tech industry. Our panel of experts, consisting of Lothar Determann, Elisabeth Dehareng and Brian Hengesbaugh, examines the intricacies of the ruling and what it means for the TMT sector. https://open.spotify.com/episode/79SqOrfWy9fICVqHE7myVx
It’s difficult to believe that it has only been a short time since the Court of Justice of the European Union invalidated the European Commission adequacy finding for the EU-U.S. Privacy Shield on July 16, 2020. So much has changed. In this final note in the series, we provide seven predictions for the road ahead with “Schrems II” and global data transfers. Some of these may be more controversial than others, but here goes: 1.…