Compliance
Irish DPC tells Facebook to stop transferring data to the US: Should panic ensue?
The Wall Street Journal reported Sept. 9 that Ireland’s Data Protection Commissioner issued a preliminary order that Facebook must stop transferring user data to the U.S. The order, which was reported based on anonymous sources “according to people familiar with the matter,” follows the Court of Justice of the European Union’s ruling…
Read More »Ireland to Order Facebook to Stop Sending User Data to U.S.
A European Union privacy regulator has sent Facebook Inc. a preliminary order to suspend data transfers to the U.S. about its EU users, according to people familiar with the matter, an operational and legal challenge for the company that could set a precedent for other tech giants. The preliminary order,…
Read More »Schrems II: How will impact international data flows in practice
Of all the privacy developments that have hit the headlines this year, arguably none – not even the coming into effect of the CCPA, developments related to the LGPD in Brazil, or the ongoing Brexit adequacy saga – have been as impactful as the Court of Justice of the European Union’s…
Read More »Data Transfers: Post-Schrems II guidance from the LfDI Baden-Württemberg
In the wake of the Court of Justice of the European Union’s (‘CJEU’) judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (Case-311/18) (‘the Schrems II Case’), the future of international data transfers hangs in the balance, with EU supervisory authorities playing a crucial role in shaping the case’s impact.…
Read More »The US-EU Privacy Shield Is Dead … Now What?
This issue is a big deal, but one that comes as little surprise to those following subject. As you may have already heard, the Court of Justice of the European Union (ECJ) recently ruled that the current data transfer agreement between the European Union and the United States known as the…
Read More »European Data Protection Board – Thirty-seventh Plenary session
The Board adopted GDPR Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users. In addition, the EDPB created a taskforce on complaints following the CJEU Schrems II judgement and a taskforce devoted to the supplementary measures that data exporters…
Read More »The increasing importance of a DPIA
As organizations scramble to implement alternative data transfer mechanisms and fill in their compliance gaps following the “Schrems II” decision, one important tool remains overlooked: the DPIA (data protection impact assessment). Based on the text Article 35 of the EU General Data Protection Regulation and subsequent European Data Protection Board guidance,…
Read More »Corporate Privacy Spend Is Rising—And Bringing Legal Departments Along With It
Companies are fast realizing that a sound privacy compliance posture can not only help their bottom line and bolster their legal department’s stature as a central business unit, but also, at the very least, net them some new tools and increase the privacy spend. On Wednesday, privacy company Ethyca released…
Read More »Schrems II – It’s Not Just Travel That’s Now Restricted between Europe and the US
On July 16, 2020, the European Union’s Court of Justice (“CJEU”) ruled that an important provision of the EU-U.S. Privacy Shield (“Privacy Shield”) allowing companies to lawfully transfer personal data from the EU to the US is invalid. Companies must now reevaluate their data privacy protocols to ensure they are…
Read More »After Schrems II: Contracts No Longer Enough For Data Transfer
I. The Striking Difference Between Schrems I and Schrems II It would be misleading to view last week’s Schrems II[1] decision as only having an effect similar to that of the Schrems I[2] decision in 2015. While Schrems I invalidated the EU-US Safe Harbor treaty for cross-Atlantic data transfer, organisations still…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
