On 17 December 2015, the German Parliament (Deutscher Bundestag) passed a bill on the improvement of enforcement of data protection provisions protecting consumers (Entwurf eines Gesetzes zur Verbesserung der zivilrechtlichen Durchsetzung von verbraucherschützenden Vorschriften des Datenschutzrechts). Under the new law, registered consumer associations will have the right to sue companies for violations of data protection laws (“class actions”). To this aim, certain amendments will be made to the German Injunction Act (Unterlassungsklagengesetz). The bill is subject to signing by the Federal President and announcement in the Federal Law Gazette (Bundesgesetzblatt). The new law will enter into force one day after announcement in the Federal Law Gazette.
Continue Reading Germany to expand consumer associations’ right to sue companies for breach of data protection laws
Safe Harbor
The French CNIL officially requires the use of EU Model Clauses as a quick fix for businesses impacted by the recent Safe Harbor ruling of CJEU – Companies must be compliant as of end January 2016
On 19 November, the CNIL released an article in order to provide companies impacted by the recent CJEU ruling on invalidation of Safe Harbor with guidance on the next steps. The article was published at the same time the CNIL sent a mailing to all data controllers relying on Safe Harbor to fix the issue.…
Spain issues deadline for implementing alternative Safe-Harbor mechanisms
Spain’s Data Protection Authority, the Agencia Española de Proteccion de Datós (‘AEPD’), has issued a deadline of 29 January 2016, for the implementation of alternative mechanisms to Safe Harbor.
By letter dated 3 November 2015, the AEPD imposed the deadline on all companies operating in Spain that had previously notified it of personal data transfers to the United States which were based on the recipient’s Safe Harbor certification. The letter requires companies in Spain to inform the AEPD of the mechanism(s) they have implemented to ensure the “adequate protection” of personal data which is transferred to the United States.
Continue Reading Spain issues deadline for implementing alternative Safe-Harbor mechanisms
Safe Harbor update: European Commission issues communication following Safe Harbor invalidation – Safe Harbor 2.0 in three months?
On 6 November, the European Commission released a communication on the implications of the Court of Justice of the European Union’s decision invalidating the Safe Harbor framework.
The key message, which echoes previous announcements by data protection authorities and the Article 29 Working Party, is that data exporters are ultimately responsible for ensuring that transfers…
Round-up of Safe Harbor guidance issued by EU Data Protection Authorities
October has been a busy month for Data Protection Authorities in the EU. Following the Court of Justice of the European Union’s judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14) on 6 October, uncertainty ruled. Businesses and DPAs alike struggled to come to terms with the implications of the invalidation of Safe Harbor. This…
U.S. Congress passes the Judicial Redress Act, but does it provide effective redress?
In an uncharacteristically swift move, the United States Congress passed the Judicial Redress Act (“Act”) on 20 October 2015. The Act proposes to extend safeguards implemented under the Privacy Act 1974, and, if brought into force, would allow non-U.S. citizens to bring civil actions against United States agencies in certain circumstances. To become law, the…
The Article 29 Working Party releases statement on Safe Harbor
On 16 October, the Article 29 Working Party released a statement (“Statement”) on the implications of the Court of Justice of the European Union’s (“CJEU”) judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14). In that judgment, the CJEU invalidated the Safe Harbor regime, which for 15 years had been one of the main…
The Safe Harbor Ruling – FAQs and What Your Business Should Do Now
We previously issued a briefing on the Court of Justice of the European Union’s (CJEU) ruling that declared all transfers of personal data from the EU to the United States under the U.S.-EU Safe Harbor Framework, including those conducted by vendors or suppliers, immediately invalid. On 14 October 2015, we presented a webinar on this topic, including a practical discussion of the impact and potential solutions. Moving forward, companies should evaluate the following frequently asked questions to help mitigate the potential risk of exposure when transferring data internationally.
Continue Reading The Safe Harbor Ruling – FAQs and What Your Business Should Do Now
What You Need to Know About the Court of Justice of the European Union’s Safe Harbor Ruling: A Practical Discussion of the Impact and Solutions
Recent headlines continue to explore the ramifications of the Court of Justice of the European Union’s ruling declaring the long-standing EU U.S. Safe Harbor framework invalid. The decision will have widespread implications on how global corporations manage the international transfer of data.
Please join Reed Smith on October 14, 2015 at 9:00 a.m. PT |…
EU Court Ruling on Safe Harbor Expected 6 October
Last week we blogged about the game-changing ECJ Advocate General recommendation that the court found the U.S.-EU Safe Harbor program invalid. It was anticipated that the court would not issue judgment for several weeks, but the Court of Justice calendar lists the case for decision on 6 October.
The U.S. mission to the European Union…