Archives: Cross-Border Transfers

Subscribe to Cross-Border Transfers RSS Feed

New Proposed Standard Sheds Light on Cross-Border Security Assessment in China

On May 27, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released Information Security Technology – Guidelines for Data Cross-Border Transfer Security Assessment (Draft Version) (the “draft Standard”) for public comments.  The official Chinese version of … Continue Reading

First Annual Privacy Shield Review Will Comprehensively Assess the Framework

The first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) is scheduled to occur in September 2017 in Washington, D.C.  The first review is particularly important for the nascent framework, as regulators in both the U.S. and the EU are expected to closely scrutinize the operation of the first year of the Privacy Shield, … Continue Reading

Privacy Shield Approaches 2,000 Participants; Review Scheduled for September

Nearly 2,000 organizations are now listed as self-certified to the EU-U.S. Privacy Shield on the Department of Commerce’s (“Commerce”) Privacy Shield website.  Given current developments on both sides of the Atlantic, there are likely to be significant Privacy Shield developments in the coming months. EU Justice Commissioner Věra Jourová recently concluded her visit to the … Continue Reading

Cross-Border Data Transfer: A China Perspective

When China’s new Cybersecurity Law takes effect on June 1, 2017, China will become another important jurisdiction to watch in the international data transfer space. Before the new Cybersecurity  Law officially was promulgated on November 7, 2016, cross-border data transfer of data from China was largely unregulated by the government.  While many Chinese laws and … Continue Reading

Senators Seek Answers from DHS on Privacy Aspects of Trump Order, Including Privacy Shield

On February 9, 2017, six Democratic senators wrote to DHS Secretary John Kelly about their concerns over a Trump executive order that would remove Privacy Act protections for non-U.S. citizens and lawful permanent residents. Senators Ed Markey (MA), Ron Wyden (OR), Jeff Merkley (OR), Al Franken (MN), Chris Coons (DE), and Mazie Hirono (HI) wrote … Continue Reading

European Commission Dismisses Privacy Shield Concerns Over Trump Executive Order

On January 25, 2017, President Trump signed a new Executive Order on Enhancing Public Safety in the Interior of the U.S.  Among other elements, the Executive Order directs U.S. government agencies to “ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy … Continue Reading

Switzerland and US Announce New Commercial Data Transfer Framework

On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement.  Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading

EU Commissioner Plans to Assess U.S. Privacy Shield Commitments

In an interview with Politico (link requires a subscription), EU Justice Commissioner Věra Jourová, one of the principal architects of the EU-U.S. Privacy Shield, indicated that she plans to visit the U.S. once the Trump Administration is in place to assess the state of the new administration’s commitment to the Privacy Shield.  In the interview, … Continue Reading

European Commission Unveils Data Economy Package: International Data Transfers

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy” (see our post here); and A Communication … Continue Reading

European Parliament Approves EU-U.S. Umbrella Agreement

Yesterday, the European Parliament voted to approve the EU-U.S. Umbrella Agreement, a framework for the exchange of personal data for law-enforcement (including anti-terrorism) purposes between the EU and U.S.  As we previously explained, negotiations on this Agreement have been underway for quite some time, with the European Parliament first calling for it back in March … Continue Reading

LinkedIn Blocked in Russia Following Breach of Data Localization Laws

By Ezra Steinhardt and Gemma Nash On November 11, 2016, a Russian court in Moscow upheld the decision of an earlier court to block online access to the website LinkedIn throughout Russia.  This decision, which affirms a decision to penalize LinkedIn by the Russian data protection regulator, the Roskomnadzor, was based on the court’s view that … Continue Reading

Challenge to EU-U.S. Privacy Shield Lands at EU Court

On September 16, 2016, Digital Rights Ireland (“DRI”), a digital rights advocacy group, lodged an action with the EU General Court for annulment of the European Commission’s Decision on the EU-U.S. Privacy Shield arrangement.  While the existence of the application has only recently become public knowledge, it was widely-expected that the Privacy Shield would face … Continue Reading

Luxembourg Bill Amending the Data Protection Act with regard to the Authorization Regime

On August 31, 2016, a bill was presented to the Luxembourg Parliament (the “Bill”) to amend the Law of August 2, 2002, on the Protection of Persons with regard to the Processing of Personal Data. The Bill aims to reduce the current administrative burden and anticipates the application of the General Data Protection Regulation (“GDPR”) … Continue Reading

EU Organizations Call for More Support for Cloud Computing in Healthcare

The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful.  With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions.  This has motivated a significant … Continue Reading

EU and US Unveil the New Privacy Shield

At a joint press conference in Brussels this morning (July 12, 2016), EU Commissioner Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the new EU-U.S. data transfer mechanism (see press release here, adequacy decision text here, annexes here and Q&A factsheet here).  The press conference followed the approval of the underlying adequacy decision … Continue Reading

Privacy Shield Deal Passes Major EU Hurdle

On July 8, 2016, the draft EU-U.S. Privacy Shield adequacy decision was formally approved by the so-called “Article 31 Committee” of EU Member States (see press release, here). That approval opens the door for the College of EU Commissioners to approve the Privacy Shield on Monday (July 11).  Once translated and published in the Official … Continue Reading

European Data Protection Supervisor Opinion on the Privacy Shield

On May 30, the European Data Protection Supervisor (the “EDPS”) issued an opinion on the Privacy Shield, see opinion here and press release here.  The EDPS acknowledged that the European Commission’s draft adequacy decision on the Privacy Shield is a step in the right direction and shows a number of improvements compared to the EU-U.S. … Continue Reading

European Parliament Passes Resolution on the Privacy Shield

This morning (May 26, 2016) the European Parliament (“EP”) approved a non-binding resolution on the proposed EU – U.S. Privacy Shield (see resolution here and press release here).  The resolution is far more positive in relation to the Privacy Shield than some of the proposals floated by some political groups earlier this week (see, for instance, the resolution proposed … Continue Reading

How Merck Achieved BCRs and CBPRs Simultaneously

Merck & Co. recently became the first company to achieve simultaneous approval for its cross-border data transfer strategies through binding corporate rules (BCRs) under principles of the European Union and the cross-border privacy rules (CBPR) process under principles of the Asia-Pacific Economic Cooperation region.  Subscribers to Law360 learned how Merck achieved this goal in an … Continue Reading
LexBlog