Tag Archives: data transfers

International Data Protection Update

Photo of Nichole SterlingPhoto of Melinda L. McLellanPhoto of Andreas KaltsounisBy Nichole Sterling, Melinda L. McLellan and Andreas Kaltsounis on Posted in Data Protection
This Update highlights some of the international data protection issues that caught our attention and the attention of our clients over the winter, including updates on European data transfers and cookie compliance, regulatory enforcement actions, and data protection laws in Canada, China, India and Saudi Arabia. Russia’s Attack on Ukraine Government cybersecurity agencies worldwide are … Continue Reading

Are More European Standard Contractual Clauses Coming?

Photo of Andreas KaltsounisPhoto of Nichole SterlingBy Andreas Kaltsounis and Nichole Sterling on Posted in Data Protection, GDPR
On November 18, 2021, the European Data Protection Board (EDPB) adopted its new draft guidance on the interplay between Article 3 of the European Union’s General Data Protection Regulation (GDPR) and Chapter V of the same law. This new guidance specifies that personal data processing by organizations in countries outside the European Economic Area (EEA) is … Continue Reading

China Issues Draft Measures on Security Assessment of Cross-Border Data Transfer

Photo of Daniel PepperBy Daniel Pepper on Posted in Cybersecurity, Information Governance
On Oct. 29, 2021, the Cyberspace Administration of China (CAC) published the “Draft Measures on Security Assessment of Cross-Border Data Transfer” (Draft Measures) for comment through Nov. 28. The Draft Measures follow and are based on China’s Cybersecurity Law (CSL), Data Security Law (DSL), Personal Information Protection Law (PIPL) and related regulations. These measures appear … Continue Reading

International Data Protection Update – Summer 2021

Photo of Nichole SterlingPhoto of Melinda L. McLellanPhoto of Andreas KaltsounisBy Nichole Sterling, Melinda L. McLellan and Andreas Kaltsounis on Posted in Data Protection, Enforcement, EU, GDPR, International Privacy Law
This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer. Asia-Pacific China’s Data Security Law and Personal Information Protection Law – This summer, the People’s Republic of China passed two new data protection laws. The Data Security Law (DSL) passed in June … Continue Reading

Updated EU Standard Contractual Clauses Are Finally Here

Photo of Nichole SterlingPhoto of Andreas KaltsounisPhoto of Melinda L. McLellanBy Nichole Sterling, Andreas Kaltsounis and Melinda L. McLellan on Posted in EU, GDPR
On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait for revised SCCs. The new SCCs resolve certain practical issues companies faced when using the older versions but … Continue Reading

European Authorities Release Back-to-Back Drafts Addressing Cross-Border Data Transfers

Photo of Melinda L. McLellanPhoto of Nichole SterlingBy Melinda L. McLellan and Nichole Sterling on Posted in EU, GDPR
Last week, both the European Data Protection Board (EDPB) and the European Commission released highly anticipated draft documents offering guidance to organizations that engage in cross-border data transfers involving EU personal data. The EDPB, an independent body responsible for consistent application of data protection rules throughout the EU, published draft recommendations on supplemental measures for transfer … Continue Reading

EU-U.S. Privacy Shield Framework Joint Annual Review 2.0

By David M. Brown on Posted in Enforcement, International Privacy Law
As we previously reported here, the Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. Now the second annual review of the EU-U.S. Privacy Shield Framework is underway, and the FTC has announced several new enforcement actions, which … Continue Reading

Privacy Shield Update: Ahead of First Joint Review, Europeans Remain Skeptical as FTC Announces Enforcement Actions

Photo of Melinda L. McLellanBy Melinda L. McLellan and Emily R. Fedeles on Posted in Enforcement, International Privacy Law
On September 8, 2017, the Federal Trade Commission (FTC) announced enforcement actions against three companies alleged to have falsely claimed participation in the EU-U.S. Privacy Shield Framework. The move follows several months of uncertainty surrounding the Framework’s future as EU officials and privacy advocates have questioned its efficacy and validity in the run-up to the … Continue Reading

Swiss-U.S. Privacy Shield Framework to Launch April 12

Photo of Melinda L. McLellanBy Melinda L. McLellan and Emily R. Fedeles on Posted in International Privacy Law
On January 11, 2017, the U.S. Department of Commerce, the Swiss Federal Council and the Swiss Federal Data Protection and Information Commissioner (FDPIC) issued press releases announcing that an agreement has been reached on a new cross-border data transfer mechanism, the Swiss-U.S. Privacy Shield Framework (the Swiss Privacy Shield). The Swiss Privacy Shield replaces its … Continue Reading

Privacy Rights Group Files First Legal Challenge to EU-U.S. Privacy Shield

Photo of Melinda L. McLellanBy Melinda L. McLellan and Emily R. Fedeles on Posted in International Privacy Law
Digital Rights Ireland, an Irish privacy advocacy group, has filed the first legal challenge to the EU-U.S. Privacy Shield, the Trans-Atlantic agreement reached earlier this year to permit the lawful transfer of personal data from the European Union to the United States. The Privacy Shield was formally adopted on July 12, 2016, by the European … Continue Reading

Privacy Shield Developments and UK Data Transfers Post-Brexit

Photo of Melinda L. McLellanBy Melinda L. McLellan and Jenna N. Felz on Posted in International Privacy Law
With the UK’s Brexit referendum dominating the news out of Europe over the past week, it may have been easy to miss a key development in the continuing Privacy Shield negotiations. On Friday, June 24, news outlets reported that U.S. regulators and the European Commission had agreed on a finalized version from the Privacy Shield, a proposed … Continue Reading

German Data Protection Authority Issues Fines for Unlawful Cross-Atlantic Data Transfers

Photo of Melinda L. McLellanBy Jenna N. Felz, Melinda L. McLellan and Alexandra Beierlein on Posted in Enforcement, International Privacy Law
The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision.  On June 6, the Hamburg DPA announced that it had fined three companies for unlawful transfers of personal data from the EU to the United States.  According … Continue Reading

Companies Face Uncertainty as Privacy Shield Encounters New Hurdles

Photo of Melinda L. McLellanBy Melinda L. McLellan and Jenna N. Felz on Posted in International Privacy Law
The Privacy Shield, proposed this past February and greeted with cautious optimism by European and U.S. regulators alike as a more robust “replacement” for the invalidated Safe Harbor framework, appears to be suffering death by a thousand paper cuts. Today’s European Parliament resolution (the “Resolution”) delivered the latest blow. The Resolution recommends that the European … Continue Reading

Privacy Shield Update: A Recap of Recent Developments

Photo of Melinda L. McLellanBy Melinda L. McLellan and Jenna N. Felz on Posted in International Privacy Law
On April 13, 2016, the Article 29 Working Party (WP29), an influential group of European data protection authorities, issued a non-binding opinion that criticized certain elements of the fledgling Privacy Shield framework. Although the Privacy Shield remains in limbo at this time, a flurry of speculation and Shield-adjacent legal maneuvers have colored the landscape and … Continue Reading

Trans-Pacific Partnership Would Promote Cross-Border Data Transfers and Restrict Data Localization

By David M. Brown on Posted in International Privacy Law
As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data … Continue Reading

Safe Harbor Is Dead, Long Live Standard Contractual Clauses?

Photo of Melinda L. McLellanBy Melinda L. McLellan and William W. Hellmuth on Posted in Enforcement, International Privacy Law
For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the aftermath of the recent invalidation of the Safe Harbor Framework by the Court of Justice of the European … Continue Reading

What Now? What Next? FAQs and Answers Regarding the Safe Harbor Decision

Photo of Melinda L. McLellanBy Tanya Forsheit and Melinda L. McLellan on Posted in Enforcement, International Privacy Law
As we discussed in our blog post last week, on October 6, 2015, the Court of Justice of the European Union issued a judgment that invalidated the EU-U.S. Safe Harbor Framework. For the past 15 years, thousands of companies have been using the Safe Harbor Framework to transfer personal data from the EU to the … Continue Reading
LexBlog