Tag Archives: EU

Are More European Standard Contractual Clauses Coming?

By Andreas Kaltsounis and Nichole Sterling on November 22, 2021 Posted in Data Protection, GDPR

On November 18, 2021, the European Data Protection Board (EDPB) adopted its new draft guidance on the interplay between Article 3 of the European Union’s General Data Protection Regulation (GDPR) and Chapter V of the same law. This new guidance specifies that personal data processing by organizations in countries outside the European Economic Area (EEA) is … Continue Reading

International Data Protection Update – Summer 2021

By Nichole Sterling, Melinda L. McLellan and Andreas Kaltsounis on September 21, 2021 Posted in Data Protection, Enforcement, EU, GDPR, International Privacy Law

This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer. Asia-Pacific China’s Data Security Law and Personal Information Protection Law – This summer, the People’s Republic of China passed two new data protection laws. The Data Security Law (DSL) passed in June … Continue Reading

Updated EU Standard Contractual Clauses Are Finally Here

By Nichole Sterling, Andreas Kaltsounis and Melinda L. McLellan on June 8, 2021 Posted in EU, GDPR

On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait for revised SCCs. The new SCCs resolve certain practical issues companies faced when using the older versions but … Continue Reading

European Authorities Release Back-to-Back Drafts Addressing Cross-Border Data Transfers

By Melinda L. McLellan and Nichole Sterling on November 19, 2020 Posted in EU, GDPR

Last week, both the European Data Protection Board (EDPB) and the European Commission released highly anticipated draft documents offering guidance to organizations that engage in cross-border data transfers involving EU personal data. The EDPB, an independent body responsible for consistent application of data protection rules throughout the EU, published draft recommendations on supplemental measures for transfer … Continue Reading

“No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

By Laura E. Jehl, Kyle R. Fath and Jaime B. Petenko on January 31, 2019 Posted in EU-U.S. Privacy Shield Framework, International Privacy Law

With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data … Continue Reading

Racing to Meet the 72-hour Deadline to Report a Personal Data Breach in the EU? A GDPR Resource Is Available

By Laura E. Jehl and Jaime B. Petenko on January 28, 2019 Posted in GDPR, International Privacy Law

Companies face substantial challenges in complying with breach notification requirements under Article 33 of the General Data Protection Regulation (GDPR). Article 33 requires a data controller to report a personal data breach to European Union (EU) supervisory authorities within 72 hours of becoming aware of the breach if it is likely to result in a … Continue Reading

Clock Ticking, European Commission Launches GDPR Implementation Guidance Website

By Melinda L. McLellan and Aaron Lancaster on January 26, 2018 Posted in Enforcement, International Privacy Law

With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading

Privacy Shield Developments and UK Data Transfers Post-Brexit

By Melinda L. McLellan and Jenna N. Felz on June 28, 2016 Posted in International Privacy Law

With the UK’s Brexit referendum dominating the news out of Europe over the past week, it may have been easy to miss a key development in the continuing Privacy Shield negotiations. On Friday, June 24, news outlets reported that U.S. regulators and the European Commission had agreed on a finalized version from the Privacy Shield, a proposed … Continue Reading

German Data Protection Authority Issues Fines for Unlawful Cross-Atlantic Data Transfers

By Jenna N. Felz, Melinda L. McLellan and Alexandra Beierlein on June 9, 2016 Posted in Enforcement, International Privacy Law

The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision. On June 6, the Hamburg DPA announced that it had fined three companies for unlawful transfers of personal data from the EU to the United States. According … Continue Reading

Safe Harbor Is Dead, Long Live Standard Contractual Clauses?

By Melinda L. McLellan and William W. Hellmuth on October 22, 2015 Posted in Enforcement, International Privacy Law

For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the aftermath of the recent invalidation of the Safe Harbor Framework by the Court of Justice of the European … Continue Reading

What Now? What Next? FAQs and Answers Regarding the Safe Harbor Decision

By Tanya Forsheit and Melinda L. McLellan on October 12, 2015 Posted in Enforcement, International Privacy Law

As we discussed in our blog post last week, on October 6, 2015, the Court of Justice of the European Union issued a judgment that invalidated the EU-U.S. Safe Harbor Framework. For the past 15 years, thousands of companies have been using the Safe Harbor Framework to transfer personal data from the EU to the … Continue Reading

EU High Court Invalidates Safe Harbor Framework for Cross-Border Data Transfers

By Melinda L. McLellan and James A. Sherer on October 7, 2015 Posted in Enforcement, International Privacy Law

On October 6, 2015, the Court of Justice of the European Union (CJEU) issued a highly anticipated judgment that has the potential to impact how thousands of companies transfer data from the EU to the United States. The Court’s decision effectively invalidates the European Commission’s “adequacy” determination with respect to the U.S.-EU Safe Harbor Framework, … Continue Reading

A Kinder, Gentler Spanish Data Protection Authority?

By Eric A. Packel on July 29, 2015 Posted in International Privacy Law

As of July 24, Spain has a new director for its Data Protection Authority (Agencia Española de Protección de Datos — AEPD). The AEPD is the agency responsible for conducting investigations and bringing disciplinary actions concerning data protection issues, including compliance with Spain’s Data Protection Act of 1999 (called the “LOPD” in Spain), which implemented … Continue Reading

International Privacy — 2014 Year in Review — EU

By Eric A. Packel on January 5, 2015 Posted in International Privacy Law

While the last refrains of “should old acquaintance be forgot” fade away from New Years’ Eve celebrations, 2014 may be remembered as the year of the “right to be forgotten” in light of an EU privacy ruling last May. Below we cover that ruling and other significant events from 2014 — an eventful year in … Continue Reading

Proposed Amendment to EU Privacy Regulations May Force Choice Between Violating US and EU Law

By Gerald J. Ferguson on October 24, 2013 Posted in International Privacy Law

Authored by Gerald Ferguson and Alan M. Pate On Monday, October 21, 2013, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted to approve an amended version of the proposed EU General Data Protection Regulations. Included in the compromise package is Article 43a, a provision that restricts controllers or processors of … Continue Reading

Opening the Flood Gates? California Voters May Create Presumption of Harm in Privacy Breach Cases

By BakerHostetler on October 6, 2013 Posted in Data Breaches, Privacy Class Actions, Privacy Litigation

Authored by: Julian Perlman Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach … Continue Reading

Recent Updates in International Data Privacy Law

By Maryanne Stanganelli on September 4, 2012 Posted in International Privacy Law

EU Information Security Agency Recommends Clear and Broad Interpretation of Data Breach Requirements On August 27, 2012, the European Network and Information Security Agency (ENISA) issued a paper, “Cyber Incident Reporting in the EU,” which analyzes the current state of EU legislation covering data breaches. It observes that many breaches remain undetected and, even if … Continue Reading

Mobile App and Geolocation Data Roundup

By Craig A. Hoffman on May 25, 2011 Posted in Behavioral Advertising, Children’s Privacy, Mobile Privacy

A recent national survey of smartphone users, not surprisingly, revealed that privacy, transparency, choice, and control are important considerations for users. Indeed, many users indicated that they want more choices and easier access to controls regarding advertising tracking and geolocation data. Legislators and consumer advocacy groups are taking heed. On May 10, 2011, the Senate … Continue Reading