Archives: International

Subscribe to International RSS Feed

Article 29 Working Party Reacts to the U.S.-EU Privacy Shield Agreement

On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government.  The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the … Continue Reading

Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

By Dan Cooper, Phil Bradley-Schmieg and Joseph Jones Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union … Continue Reading

Senate Committee Passes Judicial Redress Act, May Assist Safe Harbor Negotiations

The Senate Judiciary Committee today successfully reported H.R. 1428, the Judicial Redress Act of 2015.  However, the bill included an amendment to the House-passed version that has the potential to influence current negotiations between the United States and the European Union to reach a new Safe Harbor agreement. As we previously reported, the Judicial Redress … Continue Reading

European Parliament Committee Approves EU Cybersecurity Rules and Publishes Agreed Text

By Mark Young and Vera Coughlan Formal adoption of the EU Network and Information Security (NIS) Directive is a step closer following a vote on January 14 by the European Parliament’s internal market and consumer protection (IMCO) committee. As we reported in December, the European institutions reached an informal political agreement on the NIS Directive … Continue Reading

European Court of Human Rights Rules That Employers Can Monitor Employee Private Communications

On January 12, 2016, the European Court of Human Rights (ECtHR) ruled that an employer who had monitored an employee’s private communications during working hours had not breached the employee’s right to privacy (under Article 8 of the European Convention on Human Rights). This judgment will influence how other European national courts and regulators view … Continue Reading

China Enacts New Counter-Terrorism Law

On December 27, 2015, the Standing Committee of the National People’s Congress (NPC), China’s top legislative body, enacted a Counter-Terrorism Law (see the Chinese version here, and an unofficial English translation here), which took effect on January 1, 2016.  The adoption of this law, a year after the first draft was released for public comment, … Continue Reading

The New EU Data Protection Law: Key Elements for Business

The General Data Protection Regulation (GDPR) (see the latest text here), which was approved at the political level last week, heralds a new era of data protection in the EU and beyond.  The GDPR imposes numerous new obligations on companies both within and outside the EU, strengthens the rights of individuals and foresees stiff penalties … Continue Reading

LIBE Committee Votes in Favor of the GDPR

By Vera Coughlan and Monika Kuschewsky This morning, the European Parliament’s Civil Liberties, Justice and Home Affairs committee (“LIBE”) formally adopted the result of the negotiations on the EU’s General Data Protection Regulation (“GDPR”).  The text of GDPR was the outcome of trilogue negotiations between the European Parliament and Council and the Commission, which concluded … Continue Reading

Political Agreement on the EU General Data Protection Regulation – Start of a New EU Privacy Era?

By Monika Kuschewsky, Charlotte Ryckman and Vera Coughlan Today, the EU institutions reached the long-awaited political agreement on the General Data Protection Regulation (GDPR), which will fundamentally change the EU privacy landscape (for the Commission press release see here and the European Parliament press release here).  Almost four years after the publication of the legislative … Continue Reading

European Institutions Reach Agreement on EU Cybersecurity Rules

On December 7, 2015, the European institutions reached an informal agreement on the EU Network and Information Security (NIS) Directive — dubbed the Cybersecurity Directive (see press release from the Council).  Among other things, the NIS Directive imposes security and incident reporting obligations on operators of essential services in critical sectors and on some digital … Continue Reading

European Commission issues guidance on the impact of the Schrems (Safe Harbor) ruling of the EU’s Highest Court

By Monika Kuschewsky and Vera Coughlan Following the judgment of the Court of Justice of the EU of October 6 in the Schrems case (Case C-362/14) (see our previous blog post here), today, the European Commission issued guidance on transfers of personal data from the EU to the U.S. post Schrems. For the press release see … Continue Reading

Trans-Pacific Partnership Trade Agreement May Authorize Cross-Border Data Flows

The text of the Trans-Pacific Partnership (“TPP”) agreement was released to the public for the first time today.  The TPP has yet to be ratified by the twelve Pacific Rim nations that negotiated the agreement, including the United States, where it has encountered opposition in Congress.  The nations that participated in the negotiations for the … Continue Reading

Schrems (Safe Harbor) Judgment – German Data Protection Authorities Issue Position Paper

Today, the German supervisory authorities (“German DPAs”) responsible for data protection at federal and state (Länder) level published a position paper on the EU-U.S. Safe Harbor (available in German – see here).  This 14-point position paper follows a meeting that these authorities held last week.  Key points include: following the Safe Harbor judgment of the … Continue Reading

House Passes Bill Expanding Privacy Rights of EU Citizens in Wake of Schrems Ruling

By Hannah Lepow On October 20, the U.S. House of Representatives passed a bill that would expand the privacy rights of citizens of the European Union in the United States. The bill, known as the Judicial Redress Act of 2015, would allow EU citizens and citizens of other allied nations limited rights to file suit … Continue Reading

Article 29 WP On the Schrems Ruling (Safe Harbor) − Latest Developments and Next Steps

The Article 29 Data Protection Working Party (“Article 29 WP”), an EU advisory body on data protection composed of representatives of the national data protection authorities (“DPAs”), the European Data Protection Supervisor and the European Commission, met in plenary on Thursday, October 15, to discuss the first consequences of the judgment of the Court of … Continue Reading

Debate in the European Parliament’s LIBE Committee on the Schrems ruling

By Monika Kuschewsky, Fredericka Argent and Joseph Jones On October 12, 2015, the European Parliament’s Civil Liberties, Justice and Home Affairs (“LIBE”) Committee held a debate to discuss the aftermath of the ruling of the Court of Justice of the European Union (“CJEU”) ruling in Case C-362/14 Maximillian Schrems v Data Protection Commissioner (see summary … Continue Reading

EU’s Highest Court Invalidates Safe Harbor with Immediate Effect

Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular, … Continue Reading

UK ICO Issues Largest Ever Fine In Connection With Automated Marketing Calls

By Mark Young and Joseph Jones The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls.  The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in … Continue Reading

EU Parliament Policy Report Takes Dim View of EU Commission’s “Pro-Market” Policies on Big Data and Smart Devices

A European Parliament policy department has released a report, entitled Big Data and Smart Devices and Their Impact on Privacy, that criticizes the lack of focus on privacy and data protection in the European Commission’s “Digital Single Market” policy agenda, noting a “conflicting” intersection between the Commission’s Digital Single Market objectives and the EU’s efforts, … Continue Reading

EU’s Highest Court Rules on Applicable Law and Territorial Powers of the National Data Protection Authorities

On October 1st, 2015, the Court of Justice of the EU rendered its judgment in the Weltimmo case (C-230/14).  The case addressed two important aspects of EU data protection law, namely applicable law and the scope of the territorial powers of data protection authorities. The case arose out of a dispute between Weltimmo, a company registered … Continue Reading

EU-U.S. Safe Harbor: Judgment in the Schrems Case Scheduled For October 6

The Court of Justice of the European Union (“CJEU”) in Luxembourg will render its judgment in the Schrems case (C-362/14 Maximilian Schrems v Data Protection Commissioner) on October 6, at 9:30 am CET (see here). For details on the case and its potential implications for the U.S.-EU Safe Harbor, see our earlier blog post (here) … Continue Reading

Advocate General Considers EU-U.S. Safe Harbor to be Invalid

By Jetty Tielemans, Mark Young and Joseph Jones This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here).  The AG Opinion has gone further than expected, covering not just the power of national data protection … Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading

Data Localization Requirements Through the Backdoor? Germany’s “Federal Cloud”, and New Criteria For the Use of Cloud Services by the German Federal Administration

In May 2015, reports about the German government’s plans to establish federal German cloud infrastructure (the “Bundes-Cloud”) raised concerns about the possible introduction of data localization requirements (preventing the storage and processing of data outside Germany).  The criteria for the use of cloud services by Germany’s federal administration, which have recently been published, now give … Continue Reading
LexBlog