Tag Archives: Safe Harbor

Cross-border data flows: FAQs released for Swiss-U.S. Privacy Shield

For organisations with data flows between the United States and Switzerland, it is now possible to self-certify into the Swiss-U.S. Privacy Shield Framework. This process became available on 12 April 2017. The Swiss-U.S. Privacy Shield will operate in a substantially similar way to the EU-U.S. Privacy Shield. There are, however,  key differences, including: (1) the … Continue Reading

ICO Reminds Organisations of EU-U.S. Personal Data Transfer Obligations

The Interim Deputy Commissioner at the Information Commissioner’s Office (“ICO”), Steve Wood, has published a blog reminding organisations of their obligations when transferring personal data to the United States, pursuant to the case brought by Max Schrems in 2015, which led to the Safe Harbor framework being declared immediately invalid. Wood reminds organisations that continued … Continue Reading

EU-U.S. Data Privacy Shield adopted by European Commission

Following a positive vote from the Article 31 Committee on 8 July, the EU-US Privacy Shield was formally adopted on 12 July and will enter immediately into force in the EU. In the U.S. the Privacy Shield will be published in the Federal Register, becoming effective on 1 August and will be operated by the … Continue Reading

German Data Protection Authority fines companies for transferring data to the United States

Following the CJEU’s judgment of October 2015 invalidating the European Commission’s Safe Harbor Decision, the Data Protection Authority Hamburg (“DPA Hamburg“) started investigations against 35 internationally operating companies in Hamburg. According to a press release of DPA Hamburg of 6 June 2016, these investigations revealed that the majority of the companies under investigation had used … Continue Reading

Now That Details of the EU-U.S. Privacy Shield Have Been Revealed, Should Your Company Get Ready to Embrace It or Avoid It?

In the latest step toward finalising a replacement for the defunct Safe Harbor program, the European Commission has published its draft adequacy decision, formally supporting its view that the proposed EU-U.S. Privacy Shield will ensure an adequate level of protection for the transfer of personal data from the EU to U.S. companies which enlist in … Continue Reading

The CNIL sets expectations as to the ‘EU-U.S. Privacy Shield’ and starts implementing enforcement measures in case of Safe Harbor remediation default

The CNIL issued a press release February 4, setting expectations concerning the “EU-U.S. Privacy Shield” work-in-progress. In the same time, it has switched to enforcement mode concerning Safe Harbor remediation failure. Click here to read more in the issued Client Alert.… Continue Reading

By jointly tackling Facebook, French regulators set an example to large international digital media companies – First prominent enforcement measure after the Safe Harbor invalidation

On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook. The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the … Continue Reading

EU Data Protection Regulators All Set to Scrutinise ‘EU-U.S. Privacy Shield’ and Transfer Mechanisms to the U.S. Generally

On 3 February, the Article 29 Working Party (‘WP29’), a group comprising representatives of the EU Member States’ Data Protection Authorities (‘DPAs’), issued a statement cautiously welcoming the agreement on an “EU-U.S. Privacy Shield”. If it is formally adopted, the Privacy Shield will replace the Safe Harbor agreement that was declared invalid by the EU’s … Continue Reading

Safe Harbor re-launched as the “EU-U.S. Privacy Shield” – but doubts are already raised that it will live to survive a battle

After what seemed like sure defeat, an agreement on Safe Harbor has apparently been reached. Dubbed the “EU-U.S. Privacy Shield”, the regime will, subject to approval processes, replace the existing Safe Harbor arrangement which was invalidated 6 October 2015. Click here to read more in the issued Client Alert.… Continue Reading

What’s Next for International Privacy? The European Union’s Safe Harbor Ruling: A Practical Discussion of the Impact and Solutions

Fallout remains from the Court of Justice of the European Union ruling declaring the long standing EU-US Safe Harbor framework invalid. The decision will have widespread implications on how global corporations manage the international transfer of data. This webinar will offer practical solutions to companies to mitigate risks while transferring data across global borders. What … Continue Reading

Germany to expand consumer associations’ right to sue companies for breach of data protection laws

On 17 December 2015, the German Parliament (Deutscher Bundestag) passed a bill on the improvement of enforcement of data protection provisions protecting consumers (Entwurf eines Gesetzes zur Verbesserung der zivilrechtlichen Durchsetzung von verbraucherschützenden Vorschriften des Datenschutzrechts). Under the new law, registered consumer associations will have the right to sue companies for violations of data protection laws … Continue Reading

The French CNIL officially requires the use of EU Model Clauses as a quick fix for businesses impacted by the recent Safe Harbor ruling of CJEU – Companies must be compliant as of end January 2016

On 19 November, the CNIL released an article in order to provide companies impacted by the recent CJEU ruling on invalidation of Safe Harbor with guidance on the next steps. The article was published at the same time the CNIL sent a mailing to all data controllers relying on Safe Harbor to fix the issue. … Continue Reading

Spain issues deadline for implementing alternative Safe-Harbor mechanisms

Spain’s Data Protection Authority, the Agencia Española de Proteccion de Datós (‘AEPD’), has issued a deadline of 29 January 2016, for the implementation of alternative mechanisms to Safe Harbor. By letter dated 3 November 2015, the AEPD imposed the deadline on all companies operating in Spain that had previously notified it of personal data transfers … Continue Reading

Safe Harbor update: European Commission issues communication following Safe Harbor invalidation – Safe Harbor 2.0 in three months?

On 6 November, the European Commission released a communication on the implications of the Court of Justice of the European Union’s decision invalidating the Safe Harbor framework. The key message, which echoes previous announcements by data protection authorities and the Article 29 Working Party, is that data exporters are ultimately responsible for ensuring that transfers … Continue Reading

Round-up of Safe Harbor guidance issued by EU Data Protection Authorities

October has been a busy month for Data Protection Authorities in the EU. Following the Court of Justice of the European Union’s judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14) on 6 October, uncertainty ruled. Businesses and DPAs alike struggled to come to terms with the implications of the invalidation of Safe Harbor. This week, … Continue Reading

U.S. Congress passes the Judicial Redress Act, but does it provide effective redress?

In an uncharacteristically swift move, the United States Congress passed the Judicial Redress Act (“Act”) on 20 October 2015. The Act proposes to extend safeguards implemented under the Privacy Act 1974, and, if brought into force, would allow non-U.S. citizens to bring civil actions against United States agencies in certain circumstances. To become law, the Act must now … Continue Reading

The Article 29 Working Party releases statement on Safe Harbor

On 16 October, the Article 29 Working Party released a statement (“Statement”) on the implications of the Court of Justice of the European Union’s (“CJEU”) judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14). In that judgment, the CJEU invalidated the Safe Harbor regime, which for 15 years had been one of the main tools available to … Continue Reading

The Safe Harbor Ruling – FAQs and What Your Business Should Do Now

We previously issued a briefing on the Court of Justice of the European Union’s (CJEU) ruling that declared all transfers of personal data from the EU to the United States under the U.S.-EU Safe Harbor Framework, including those conducted by vendors or suppliers, immediately invalid.  On 14 October 2015, we presented a webinar on this topic, including a practical discussion of the … Continue Reading

What You Need to Know About the Court of Justice of the European Union’s Safe Harbor Ruling: A Practical Discussion of the Impact and Solutions

Recent headlines continue to explore the ramifications of the Court of Justice of the European Union’s ruling declaring the long-standing EU U.S. Safe Harbor framework invalid. The decision will have widespread implications on how global corporations manage the international transfer of data. Please join Reed Smith on October 14, 2015 at 9:00 a.m. PT | … Continue Reading

EU Court Ruling on Safe Harbor Expected 6 October

Last week we blogged about the game-changing ECJ Advocate General recommendation that the court found the U.S.-EU Safe Harbor program invalid. It was anticipated that the court would not issue judgment for several weeks, but the Court of Justice calendar lists the case for decision on 6 October. The U.S. mission to the European Union has also issued … Continue Reading

Safe Harbor Invalid! Will the ECJ follow the Advocate General recommendation?

Advocate General Yves Bot today delivered an opinion recommending that the European Court of Justice (ECJ) find the U.S.-EU Safe Harbor Program invalid. His opinion, while non-binding, relates to a request for a preliminary ruling referred to the ECJ by the High Court of Ireland, Irish Court in Schrems v. Data Protection Commissioner, (ECJ, No. … Continue Reading

German Data Protection Commissioners Take Action Against Safe Harbor

At the Data Protection Conference in Berlin, the Berlin and Hamburg Data Protection Commissioners (Commissioners) made a number of important announcements regarding the ‘inadequacy’ of the EU/U.S. Safe Harbor Program. Both Dr. Alexander Dix and Prof. Johannes Caspar, Commissioners for Berlin and Hamburg respectively, asserted that U.S. companies do not protect data to the same … Continue Reading

EU – US Privacy Bridge Project Announced

This post was also written by Matthew N. Peters. On 2 May, Dutch Data Protection Authority (DPA) Chairman Jacob Kohnstamm announced a new Privacy Bridge Project between the U.S. and the EU at the IAPP Data Protection Intensive.  In his announcement, Kohnstamm highlighted the need for these two privacy regimes to find common ground, and to abandon … Continue Reading
LexBlog