Compliance
Schrems II: data localization, encryption & the bigger picture
The Schrems II decision by the EU’s highest court (CJEU) invalidated the EU-US Privacy Shield. It declared valid, just about, SCCs (standard contractual clauses between data sender and recipient) for transfers or data exports outside the EU – but only if there’s enough practical checks and controls for “adequate protection” of personal data. The…
Read More »How Schrems II will impact data sharing between the UK and the US
Transferring personal data internationally has become more difficult in recent days. The Court of Justice of the European Union (CJEU) has invalidated the Privacy Shield, an EU adequacy decision that allowed data to flow freely from the UK and EU to more than 5,300 companies in the US. At the…
Read More »Schrems II Judgement Day
New FPF Study: More Than 250 European Companies are Participating in Key EU-US Data Transfer Mechanism
European Companies’ Participation in Privacy Shield Up Nearly 30% from the Past Year. EU-US Privacy Shield Remains Essential to Leading European Companies. From Major Employers such as Logitech and Siemens to Leading Technology Firms like Telefónica and SAP, European Companies Depend on the EU-US Agreement. The Privacy Shield Program Supports…
Read More »Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in the Schrems II case1 and it is fair to say that it has caused some shock amongst the privacy community and our clients. First things first: don’t panic! Data flows will continue, and can continue, for…
Read More »The LawBytes Podcast, Episode 58: “An Earth Shattering Decision” – Marina Pavlovic on the Supreme Court of Canada’s Uber v. Heller Ruling
The Supreme Court of Canada recently released its much anticipated Uber Technologies v. Heller decision, a landmark ruling with significant implications for the validity of online contracts and for employment relations in the gig economy. The court rejected an arbitration clause in an Uber contract with its drivers, finding the…
Read More »CCPA Enforcement To Begin On Wednesday July 1, 2020 – Steps To Get Ready
The California Consumer Privacy Act enters the enforcement phase on July 1, despite pleas by some business groups to delay it because of Covid-19 coronavirus impacts. This means that California’s Attorney General will be able to take direct action against businesses that violate the privacy protection requirements of the CCPA.…
Read More »How to ensure you appoint an independent DPO
In light of recent regulator action regarding data protection officer independence, it’s an important moment to consider the ethical and practical considerations surrounding the appointment of a DPO. A sporting analogy is helpful here: The essential question to consider is can one player be a coach and a referee? Arguably…
Read More »Facebook Dealt Blow as German Court Strikes Business Model
Facebook Inc. suffered a setback in a key challenge to its business model as Germany’s highest civil court said that it has “no doubt” that the social network misuses its dominant market position. Judges at a hearing on Tuesday ruled that Facebook must comply with a strict order curbing the…
Read More »A quick comparative survey of Quebec’s proposed privacy legislation
On June 12, 2020, Quebec tabled its proposed update to its public and private sector privacy laws, and it lives up to the promise of the “GDPR-style legislation” first announced this spring. There are a number of elements that echo other federal and provincial privacy laws in Canada, but there…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
