On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement. Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading
On September 16, 2016, Digital Rights Ireland (“DRI”), a digital rights advocacy group, lodged an action with the EU General Court for annulment of the European Commission’s Decision on the EU-U.S. Privacy Shield arrangement. While the existence of the application has only recently become public knowledge, it was widely-expected that the Privacy Shield would face … Continue Reading
On July 8, 2016, the draft EU-U.S. Privacy Shield adequacy decision was formally approved by the so-called “Article 31 Committee” of EU Member States (see press release, here). That approval opens the door for the College of EU Commissioners to approve the Privacy Shield on Monday (July 11). Once translated and published in the Official … Continue Reading
By Helena Marttila-Bridge Today, the Article 29 Data Protection Working Party (“Working Party”), a group consisting of representatives from the European data protection authorities, the European Data Protection Supervisor, and the European Commission, published its opinion on the EU-U.S. Privacy Shield draft adequacy decision (“Opinion”) (see here). The Opinion is accompanied by a second document, … Continue Reading
As noted in our post yesterday, the text of the EU-U.S. Privacy Shield, the upcoming trans-Atlantic data-transfer framework between the EU and U.S. to replace the invalidated U.S.-EU Safe Harbor, has been released by the U.S. Department of Commerce. Commerce’s release coincided with the release of a draft adequacy decision by the European Commission. A … Continue Reading
Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”). As we explained in recent posts (here and here), publication of an … Continue Reading
As we reported yesterday, the United States and the European Commission have reached a political agreement on a new framework for transatlantic data flows, referred to as the EU-U.S. Privacy Shield. The U.S. Department of Commerce (“Commerce”) released a fact sheet yesterday to coincide with the announcement of the agreement. The fact sheet includes a … Continue Reading
On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government. The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the … Continue Reading
Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows. The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union decision in the Schrems case declaring the Safe … Continue Reading
The Senate Judiciary Committee today successfully reported H.R. 1428, the Judicial Redress Act of 2015. However, the bill included an amendment to the House-passed version that has the potential to influence current negotiations between the United States and the European Union to reach a new Safe Harbor agreement. As we previously reported, the Judicial Redress … Continue Reading
Needless to say, the document most of us are reading now is the 209-page General Data Protection Regulation, just agreed upon by the institutions of the European Union. A few parts are quite a page-turner. (Parental consent for under-16s to access the Internet? Srsly?) But even with this scintillating read, we find ourselves reaching for … Continue Reading
By Monika Kuschewsky and Vera Coughlan Following the judgment of the Court of Justice of the EU of October 6 in the Schrems case (Case C-362/14) (see our previous blog post here), today, the European Commission issued guidance on transfers of personal data from the EU to the U.S. post Schrems. For the press release see … Continue Reading
Today, the German supervisory authorities (“German DPAs”) responsible for data protection at federal and state (Länder) level published a position paper on the EU-U.S. Safe Harbor (available in German – see here). This 14-point position paper follows a meeting that these authorities held last week. Key points include: following the Safe Harbor judgment of the … Continue Reading
By Hannah Lepow On October 20, the U.S. House of Representatives passed a bill that would expand the privacy rights of citizens of the European Union in the United States. The bill, known as the Judicial Redress Act of 2015, would allow EU citizens and citizens of other allied nations limited rights to file suit … Continue Reading
The Article 29 Data Protection Working Party (“Article 29 WP”), an EU advisory body on data protection composed of representatives of the national data protection authorities (“DPAs”), the European Data Protection Supervisor and the European Commission, met in plenary on Thursday, October 15, to discuss the first consequences of the judgment of the Court of … Continue Reading
On October 12, 2015, the European Parliament’s Civil Liberties, Justice and Home Affairs (“LIBE”) Committee held a debate to discuss the aftermath of the ruling of the Court of Justice of the European Union (“CJEU”) ruling in Case C-362/14 Maximillian Schrems v Data Protection Commissioner (see summary of the ruling here and summary of the … Continue Reading
Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular, … Continue Reading
The Court of Justice of the European Union (“CJEU”) in Luxembourg will render its judgment in the Schrems case (C-362/14 Maximilian Schrems v Data Protection Commissioner) on October 6, at 9:30 am CET (see here). For details on the case and its potential implications for the U.S.-EU Safe Harbor, see our earlier blog post (here) … Continue Reading
This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here). The AG Opinion has gone further than expected, covering not just the power of national data protection authorities in relation to complaints under the Safe … Continue Reading
By Jean de Ruyt According to the European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, the EU and the US have finalized the EU-US Umbrella Agreement (for the press release, see here; a reportedly near-final draft of the agreement can be read here). This is a remarkable breakthrough after the first calls for such … Continue Reading
The U.S. and EU’s negotiators on the EU-U.S. Safe Harbor data transfer program have missed an end of May target date for reaching an agreement on amendments to the program. They nevertheless publicly reaffirmed their commitment to reaching an agreement on the Safe Harbor program, and on an “Umbrella Agreement” that would protect personal data … Continue Reading
Věra Jourová, the European Commissioner for Justice overseeing negotiations with the U.S. Department of Commerce over the future of the EU-U.S. Safe Harbor scheme, has reiterated the May 28th target date for near-completion of the negotiations (previously covered on InsidePrivacy here and here). Her hope is that an agreement in principle can be found at … Continue Reading
By Dan Cooper and Phil Bradley-Schmieg On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems). The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC) … Continue Reading
The CJEU “Right to be Forgotten” Ruling. In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12). The CJEU’s decision re-interpreted European data protection law to include … Continue Reading
