Photo of Jetty Tielemans

Henriette (“Jetty”) Tielemans is co-chair of the firm’s Data Privacy and Cybersecurity Practice Group and a member of the European Advisory Board of the International Association of Privacy Professionals (IAPP).  Ms. Tielemans was selected by the European Commission in Brussels to join the five member team of the Commission’s expert group on privacy (GEXPD group).  She advises multinationals on all aspects of data privacy and data security at the EU and Member State level, and has assisted several companies with their compliance and international data transfer issues.

[Update to previous post from August 17, 2018]

On January 23, 2019, the European Commission and Japan mutually recognized each other’s data protection laws as providing an adequate level of protection of personal data (see European Commission press release here). As a result, nearly all personal data can now flow freely between the EU

On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).  The CNIL’s decision was triggered by complaints from two non-profit organizations together representing 9974 individuals. The case raises

Merck & Co. recently became the first company to achieve simultaneous approval for its cross-border data transfer strategies through binding corporate rules (BCRs) under principles of the European Union and the cross-border privacy rules (CBPR) process under principles of the Asia-Pacific Economic Cooperation region.  Subscribers to Law360 learned how Merck achieved this goal in an

On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government.  The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the now-defunct Safe Harbor Framework, and may form a future legal basis for transatlantic data flows between Europe and the United States.
Continue Reading Article 29 Working Party Reacts to the U.S.-EU Privacy Shield Agreement

Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular, about the powers of European data protection authorities (“DPAs”) to suspend transfers of personal data that take place under the existing Safe Harbor arrangement. The CJEU ruled both on the DPAs’ powers and the validity of the Safe Harbor, finding that national data protection authorities do have the power to investigate in these circumstances, and further, that the Commission decision finding Safe Harbor adequate is invalid.

This judgment affects all companies that rely on Safe Harbor. They now need to consider alternative data transfer mechanisms.
Continue Reading EU’s Highest Court Invalidates Safe Harbor with Immediate Effect

This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here).  The AG Opinion has gone further than expected, covering not just the power of national data protection authorities in relation to complaints under the

Covington will be hosting a book launch for the 2014 title ‘Data Protection & Privacy Law 2nd Edition’, edited by Monika Kuschewsky, in partnership with The European Lawyer (Thomson Reuters) on September 23, 2014 in Brussels. The event will comprise a half-day workshop followed by a drinks reception. We are pleased to confirm