Archives: Global Data Transfers

Subscribe to Global Data Transfers RSS Feed

Round-up of Safe Harbor guidance issued by EU Data Protection Authorities

October has been a busy month for Data Protection Authorities in the EU. Following the Court of Justice of the European Union’s judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14) on 6 October, uncertainty ruled. Businesses and DPAs alike struggled to come to terms with the implications of the invalidation of Safe Harbor. This week, … Continue Reading

U.S. Congress passes the Judicial Redress Act, but does it provide effective redress?

In an uncharacteristically swift move, the United States Congress passed the Judicial Redress Act (“Act”) on 20 October 2015. The Act proposes to extend safeguards implemented under the Privacy Act 1974, and, if brought into force, would allow non-U.S. citizens to bring civil actions against United States agencies in certain circumstances. To become law, the Act must now … Continue Reading

The Article 29 Working Party releases statement on Safe Harbor

On 16 October, the Article 29 Working Party released a statement (“Statement”) on the implications of the Court of Justice of the European Union’s (“CJEU”) judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14). In that judgment, the CJEU invalidated the Safe Harbor regime, which for 15 years had been one of the main tools available to … Continue Reading

The Safe Harbor Ruling – FAQs and What Your Business Should Do Now

We previously issued a briefing on the Court of Justice of the European Union’s (CJEU) ruling that declared all transfers of personal data from the EU to the United States under the U.S.-EU Safe Harbor Framework, including those conducted by vendors or suppliers, immediately invalid.  On 14 October 2015, we presented a webinar on this topic, including a practical discussion of the … Continue Reading

What You Need to Know About the Court of Justice of the European Union’s Safe Harbor Ruling: A Practical Discussion of the Impact and Solutions

Recent headlines continue to explore the ramifications of the Court of Justice of the European Union’s ruling declaring the long-standing EU U.S. Safe Harbor framework invalid. The decision will have widespread implications on how global corporations manage the international transfer of data. Please join Reed Smith on October 14, 2015 at 9:00 a.m. PT | … Continue Reading

Safe Harbor Invalid! Will the ECJ follow the Advocate General recommendation?

Advocate General Yves Bot today delivered an opinion recommending that the European Court of Justice (ECJ) find the U.S.-EU Safe Harbor Program invalid. His opinion, while non-binding, relates to a request for a preliminary ruling referred to the ECJ by the High Court of Ireland, Irish Court in Schrems v. Data Protection Commissioner, (ECJ, No. … Continue Reading

Hungary accepts use of BCRs as part of recent data protection law changes

On 6 July 2015, the Hungarian Parliament adopted several amendments (‘Amendments’) to Act CXII 2011 on the Right of Informational Self-Determination and the Freedom of Information (‘Data Protection Act’). The Amendments, currently only available in Hungarian, are designed to develop the data protection and right-to-access public information rules within Hungary, and fix problems the Hungarian … Continue Reading

APEC and Article 29 Working Party cooperation helps facilitate growth of BCRs and CBPRs

In late May, the Article 29 Working Party published the letter it sent to the APEC Data Protection subgroup. The letter follows previous discussions and extends cooperation between the two international organisations on data transfer mechanisms, and sets out new plans to align the EU Binding Corporate Rules (‘BCR’) with the APEC Cross-Border Privacy Rules … Continue Reading

Canada accepted into APEC Privacy System

On 15 April 2015, Canada became the fourth country to join the APEC Cross-Border Privacy Rules System, a voluntary consumer data privacy program, behind Japan (2014), Mexico (2013), and the United States (2012).  All 21 APEC countries were involved in the construction of this system, but membership is not guaranteed. Interested countries are required to … Continue Reading

New Jersey Requires Encryption for Health Insurance Carriers; May Open Door to Class Action Suits over Violations Under State Consumer Protection Law

Gov. Chris Christie has signed into law S. 562, which, as its title states, “Requires health insurance carriers to encrypt certain information.” Violation of this new law constitutes a facial violation of the New Jersey Consumer Fraud Act, a powerful consumer remedies statute. The NJCFA can be enforced by the state attorney general, or by … Continue Reading

Amendments to Poland’s Data Protection Law Ease the Rules on Data Exports and Data Protection Officers

The Polish Parliament passed the Facilitation of Business Activity Act (source in Polish) which significantly amends the existing Act on Personal Data Protection. The amendments come into force 1 January 2015. The changes mean that the EU Commission’s approved Standard Contractual Clauses for data transfers (“SCCs”) and approved Binding Corporate Rules (“BCRs”) are automatically recognised … Continue Reading

Japanese data privacy developments – global transfers and privacy notices code

This post was also written by Taisuke Kimoto, Matthew N. Peters, and Yumiko Miyauchi. In recent weeks, Japanese data protection and privacy law has seen developments in two areas: (1) The Ministry of Economy, Trade and Industry (METI) issuing its first code of practice on privacy notices (2) The Asia-Pacific Economic Cooperation (APEC) approving Japan’s participation in … Continue Reading

Article 29 Working Party proposes clauses for data transfers from EU processors to non-EU subprocessors

This post was also written by Matthew N. Peters. As is well-known, personal data is restricted from leaving the EEA. On 21 March, the EU’s Article 29 Working Party (the WP) issued draft ad hoc model clauses for data transfers from EU processors to non-EU subprocessors.  While not yet approved by the EC Commission, this … Continue Reading

LIBE Committee Report on U.S. Surveillance Activities Calls for an End to EU-U.S. Data Transfers

Recently leaked, the LIBE Committee draft report on surveillance activities signals a dim future for the international free flow of data in the eyes of the European Parliament. The report despairs of the recent revelations by whistle-blowers about the extent of U.S. mass surveillance activities, causing the trust between the EU and the United States … Continue Reading

Ukrainian Data Protection Authority Sets Parameters for Cross-Border Data Transfers

The Ukrainian data protection authority, the State Service of Ukraine on Personal Data Protection (The Service), has issued a letter (No.10/203-13) to clarify the permitted circumstances for transfers of data outside of Ukraine. Ukraine is not a member of the EU and therefore has not implemented the EU Data Protection Directive 95/46/EC, including provisions governing … Continue Reading

Poland’s Draft Data Protection Law To Alter the Rules for Data Transfer and Data Privacy Officers

A draft of Poland’s new draft data protection law has been released and has the potential to significantly change the rules in Poland governing international data transfers and data privacy officers. Under existing rules, Poland is an EU member state that does not currently recognise the Standard Contractual Clauses or Binding Corporate Rules (BCRs) as … Continue Reading

Progress for European Data Protection Reform Halted

We recently reported on the excitement surrounding the breakthrough vote by European Parliament on 21 October which put the delayed overhaul of European data protection rules back on track. Following this landmark vote, Peter Hustinx, European Data Protection Supervisor, issued a press release, stating, “It is essential that the European Union acts quickly so that … Continue Reading

Breakthrough Vote by European Parliament Sets Delayed Data Protection Overhaul Back on Track

In January 2012, the European Commission proposed a legislative package to update the data protection principles enshrined in the 1995 Data Protection Directive (Directive 95/46/EC). The policy objectives of the European Commission set out an ambitious blueprint for a more cohesive EU data protection framework backed by stronger enforcement. Central to facilitating this were proposals … Continue Reading

U.S.-EU Safe Harbor Under Fire

As part of an on-going debate on the European data protection reform, doubts were cast over the adequacy of the Safe Harbor arrangements with the United States. Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, called the 13-year-old data-sharing agreement between the EU and the United States a potential “loophole for data … Continue Reading

Data protection vs. anti-money laundering, counter terrorism and traceable money transfers

Last month, the European Commission published a letter from the Article 29 Working Party (Art. 29 Working Party) to Juan Fernando López Aguilar, chair of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE). The letter addressed the proposed new directive on the prevention of money laundering and terrorist financing through financial … Continue Reading

Latin America Update: Mexico’s new Privacy Notice Guidelines and Colombia’s first data protection laws

MEXICO: New Privacy Notice Guidelines were introduced April 17, 2013, specifying the format and contents of privacy notices required for the direct or automated collection of personal data. The Guidelines seek to enable data subjects to make free and informed choices, by ensuring that they are given information and an opportunity to consent and object … Continue Reading

Francophone Data Protection Authorities postpone adoption of a new framework for international data transfers

During its 6th Annual Meeting, The Association of Francophone Data Protection Authorities (AFAPDP) decided to postpone the adoption of a new framework for international data transfers between French-speaking nations. DataGuidance reports that after considering the proposals, the AFAPDP members decided that they need additional time to assess them. This means that the new regime, which … Continue Reading

EU and U.S. sign joint declaration to make Internet safer for children

EU Commission Vice-President Neelie Kroes, responsible for the Digital Agenda for Europe, and U.S. Secretary of Homeland Security Janet Napolitano, have signed a joint Declaration to “work collectively and in partnership to reduce the risks and maximise the benefits of the Internet for children.” The declaration demonstrates a mutual recognition by the United States and … Continue Reading

Indian Government Official asks EU to declare India an adequate country for data transfers

Shri Anand Sharma, Union Minister for Commerce, Industry & Textiles in India, emphasised, at a bilateral meeting with the European Commissioner for Taxation and Customs Union, that in order for the Bilateral Trade and Investment Agreement (BTIA) between the EU and India to be successful, India must be declared an adequate country for data transfers. … Continue Reading
LexBlog