On June 20, 2019, Keith Krach was confirmed by the U.S. Senate to become the Trump administration’s first permanent Privacy Shield Ombudsperson at the State Department. The role of the Privacy Shield Ombudsperson is to act as an additional redress avenue for all EU data subjects whose data is transferred from the EU or Switzerland … Continue Reading
The first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) is scheduled to occur in September 2017 in Washington, D.C. The first review is particularly important for the nascent framework, as regulators in both the U.S. and the EU are expected to closely scrutinize the operation of the first year of the Privacy Shield, … Continue Reading
Nearly 2,000 organizations are now listed as self-certified to the EU-U.S. Privacy Shield on the Department of Commerce’s (“Commerce”) Privacy Shield website. Given current developments on both sides of the Atlantic, there are likely to be significant Privacy Shield developments in the coming months. EU Justice Commissioner Věra Jourová recently concluded her visit to the … Continue Reading
When China’s new Cybersecurity Law takes effect on June 1, 2017, China will become another important jurisdiction to watch in the international data transfer space. Before the new Cybersecurity Law officially was promulgated on November 7, 2016, cross-border data transfer of data from China was largely unregulated by the government. While many Chinese laws and … Continue Reading
Yesterday, a group of twenty-seven privacy and civil liberties organizations sent a letter to EU officials opposing the EU-U.S. Privacy Shield, which was released last month and is currently being reviewed by the Article 29 Working Party in the EU. According to the letter, the Privacy Shield “manifestly fails” to meet the standards set by … Continue Reading
Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”). As we explained in recent posts (here and here), publication of an … Continue Reading
On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government. The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the … Continue Reading
Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows. The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union decision in the Schrems case declaring the Safe … Continue Reading
By Jean de Ruyt According to the European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, the EU and the US have finalized the EU-US Umbrella Agreement (for the press release, see here; a reportedly near-final draft of the agreement can be read here). This is a remarkable breakthrough after the first calls for such … Continue Reading
By Tom Jackson On November 26, 2014, the Article 29 Working Party released a short joint statement containing a series of declarations on: (i) “European values”; (ii) “surveillance for security purposes”; and (iii) the “European influence.” The joint statement emphasizes the balance to be struck between protecting data protection rights and allowing national intelligence agencies … Continue Reading
On 19 June 2012, the Article 29 Working Party (WP29), a group that gathers the data protection authorities of all twenty-seven EU Member States, published a working document that sets out a full checklist of the requirements that binding corporate rules (BCRs) for processors must meet. BCRs are internal rules applying to entities of a multinational … Continue Reading
Today, the EU Commission formally approved Israel’s status as a country providing “adequate protection” for personal data under the European Data Protection Directive. The Data Protection Directive generally prohibits personal data from being transferred outside the EU unless the data is subject to an “adequate level of protection,” or certain narrow exceptions apply. As a … Continue Reading