EU
European Data Protection Board – Thirty-seventh Plenary session
The Board adopted GDPR Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users. In addition, the EDPB created a taskforce on complaints following the CJEU Schrems II judgement and a taskforce devoted to the supplementary measures that data exporters…
Read More »The increasing importance of a DPIA
As organizations scramble to implement alternative data transfer mechanisms and fill in their compliance gaps following the “Schrems II” decision, one important tool remains overlooked: the DPIA (data protection impact assessment). Based on the text Article 35 of the EU General Data Protection Regulation and subsequent European Data Protection Board guidance,…
Read More »Can Europe’s Single Data Market Solve the US Data Privacy Challenge?
From an American perspective, the European Union can appear to be a coercive force in the technology sector, ensuring that big technology companies don’t step out of line on issues like data privacy – Europe’s Single Data Market But there’s another perspective to consider. In the future, the EU could…
Read More »After Schrems II: Contracts No Longer Enough For Data Transfer
I. The Striking Difference Between Schrems I and Schrems II It would be misleading to view last week’s Schrems II[1] decision as only having an effect similar to that of the Schrems I[2] decision in 2015. While Schrems I invalidated the EU-US Safe Harbor treaty for cross-Atlantic data transfer, organisations still…
Read More »So the Shield Is Gone, What About SCCs?
On 16 July, the European Court of Justice (CJEU) struck down the controversial Privacy Shield arrangement for transferring data from the EU to the US. Cue widespread alarm as businesses reliant on such transfers scrambled to work out what other solutions were available. Fortunately the CJEU also clarified that Standard…
Read More »Frequently Asked Questions on the judgment of the Court of Justice of the European Union in Case C-311/18 –
The EDPB (European Data Protection Board) produced a Frequently Asked Question document on July 23, 2020, after the CJEU ruling regarding Schrems II. Questions include: 3) Is there any grace period during which I can keep on transferring data to the U.S. without assessing my legal basis for the transfer?…
Read More »Schrems II: data localization, encryption & the bigger picture
The Schrems II decision by the EU’s highest court (CJEU) invalidated the EU-US Privacy Shield. It declared valid, just about, SCCs (standard contractual clauses between data sender and recipient) for transfers or data exports outside the EU – but only if there’s enough practical checks and controls for “adequate protection” of personal data. The…
Read More »How Schrems II will impact data sharing between the UK and the US
Transferring personal data internationally has become more difficult in recent days. The Court of Justice of the European Union (CJEU) has invalidated the Privacy Shield, an EU adequacy decision that allowed data to flow freely from the UK and EU to more than 5,300 companies in the US. At the…
Read More »Schrems II Judgement Day
New FPF Study: More Than 250 European Companies are Participating in Key EU-US Data Transfer Mechanism
European Companies’ Participation in Privacy Shield Up Nearly 30% from the Past Year. EU-US Privacy Shield Remains Essential to Leading European Companies. From Major Employers such as Logitech and Siemens to Leading Technology Firms like Telefónica and SAP, European Companies Depend on the EU-US Agreement. The Privacy Shield Program Supports…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
