Archives: Data Transfers/Safe Harbor/Privacy Shield

Subscribe to Data Transfers/Safe Harbor/Privacy Shield RSS Feed

ECJ Confirms Dynamic IP Address May Constitute Personal Data But Can Be Logged to Combat Cyberattacks

On 19 October 2016, the European Court of Justice (ECJ) held (Case C-582/14 – Breyer v Federal Republic of Germany) that dynamic IP addresses may constitute personal data. The ECJ also held that a website operator may collect and process IP addresses for the purpose of protecting itself against cyberattacks, because in the view of … Continue Reading

The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk

The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data … Continue Reading

Brexit Update: The Effect of Brexit on Data Transfers between the United Kingdom and the European Union

With the United Kingdom having voted to leave the European Union (Brexit) on 23 June 2016, the free flow of personal data between the United Kingdom and EU and European Economic Area (EEA) countries is at risk. Even though Brexit will likely have the biggest impact on the financial sector, businesses in the United Kingdom … Continue Reading

Farewell ‘Safe Harbor,’ Hello ‘Privacy Shield’: Europe and U.S. Agree on New Rules for Transatlantic Data Transfer

After intense negotiations, and after the official deadline had passed on Sunday, 31 January 2016, the United States and the European Union have finally agreed on a new set of rules—the “EU-U.S. Privacy Shield”—for data transfers across the Atlantic. The Privacy Shield replaces the old Safe Harbor agreement, which was struck down by the European Court … Continue Reading

Safe Harbor Update: European Commission Reaffirms Commitment to a Safe Harbor Sequel

As we reported on October 19th, the Article 29 Working Party on the Protection of Individuals with Regard to the Processing of Personal Data challenged the EU member states to “open discussions with the US” to find a viable alternative to the Safe Harbor program. Today, the European Commission (EC) issued a public statement confirming its commitment to … Continue Reading

Safe Harbor Update: House Votes to Pass Judicial Redress Act

The Judicial Redress Act of 2015 (H.R. 1428) (Judicial Redress Act) is on its way to the U.S. Senate. On October 20th, the U.S. House of Representatives voted in favor of passage. The Judicial Redress Act extends certain privacy rights under the Privacy Act of 1974 (Privacy Act) to citizens of the EU and other … Continue Reading

Safe Harbor Update: Safe Harbor Sequel Coming Soon?

As we wrote on October 6, 2015, the Court of Justice of the European Union (CJEU) announced its invalidation of the U.S.-EU Safe Harbor program as a legally valid pathway for transferring personal data of European Union (EU) residents from the EU to the United States. An avalanche of reports, analyses and predictions followed the … Continue Reading

Court of Justice of the European Union Says Safe Harbor Is No Longer Safe

Earlier today, the Court of Justice of the European Union (CJEU) announced its determination that the U.S.-EU Safe Harbor program is no longer a “safe” (i.e., legally valid) means for transferring personal data of EU residents from the European Union to the United States. The CJEU determined that the European Commission’s 2000 decision (Safe Harbor … Continue Reading

The German Perspective: EU and U.S. Data Protection “Umbrella Agreement”

After over four years of negotiations, the European Union and the United States have agreed on a framework data protection agreement on 8 September 2015 (Umbrella Agreement). The Umbrella Agreement covers all personal data exchanged between the European Union and the United States for the purpose of prevention, detection, investigation and prosecution of criminal offences, … Continue Reading

The FTC Continues to Flex its Safe Harbor Enforcement Muscles

On August 17, 2015, the Federal Trade Commission (FTC) announced settlements with 13 companies on charges that they misled consumers by claiming that they were certified members of the U.S.-EU or U.S.-Swiss Safe Harbor programs when in fact their certifications had lapsed or never existed in the first place. The FTC’s announcement comes on the … Continue Reading

Start with Security

On June 30, 2015, the Federal Trade Commission (FTC) published “Start with Security: A Guide for Businesses” (the Guide). The Guide is based on 10 “lessons learned” from the FTC’s more than 50 data-security settlements. In the Guide, the FTC discusses a specific settlement that helps clarify the 10 lessons: Start with security; Control access to … Continue Reading

Canadian Government Amends and Strengthens PIPEDA, Adding Breach Notification Requirement and Filling Other Gaps

Just prior to recessing for the summer, the Canadian government enacted the Digital Privacy Act. It includes a number of targeted amendments to strengthen existing provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA), but falls short of providing the Privacy Commissioner of Canada (Commissioner) with direct enforcement powers, as some stakeholders—including the … Continue Reading

Any Progress? The Draft Data Protection Regulation Celebrates its Third Anniversary

On the third anniversary of the EU Commission’s proposed new data protection regime, the UK ICO has published its thoughts on where the new regime stands. The message is mixed: progress in some areas but nothing definitive, and no real clarity as to when the new regime may come into force. The legislative process involves … Continue Reading

Article 29 Working Party Adopts Procedure on Approval of Model Clauses

On 26 November 2014, the Article 29 Working Party adopted a working document on establishing a cooperation procedure for issuing common opinions on whether contractual clauses are compliant with the European Commission’s Model Clauses (Model Clauses). The working document establishes the procedure in which companies wishing to use identical contractual clauses in different Member States … Continue Reading

Privacy and Data Protection: 2014 Year in Review

In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission confirmed its expanded reach in the United States, and Canada’s far-reaching anti-spam legislation takes full effect imminently. As European authorities grappled with the … Continue Reading

Is There an End in Sight for EU Data Protection Reform?

On 5 November 2014, Peter Hustinx, the European Data Protection Supervisor (EDPS), together with Germany’s Federal Data Protection Commissioner, Andrea Voβhoff, held a panel discussion in respect of the state of play and perspectives on EU data protection reform. Although participants identified a number of key outstanding issues to be resolved prior to the conclusion … Continue Reading

Processing Personal Data in Russia? Consider These Changes to Russian Law and How They May Impact Your Business

Changes Impacting Businesses that Process Personal Data in Russia On July 21, 2014, a new law Federal Law № 242-FZ was adopted in Russia (Database Law) introducing amendments to the existing Federal Law “On personal data” and to the existing Federal Law “On information, information technologies and protection of information.”  The new Database Law requires … Continue Reading

The New Normal: Big Data Comes of Age

On May 1, 2014, the White House released two reports addressing the public policy implications of the proliferation of big data. Rather than trying to slow the accumulation of data or place barriers on its use in analytic endeavors, the reports assert that big data is the “new normal” and encourages the development of policy … Continue Reading

The FTC Means It: Another Safe Harbor Enforcement Action

No doubt about it: the U.S. Federal Trade Commission (FTC) is serious about taking action against companies that misrepresent their U.S.-EU Safe Harbor certification status.  On February 11, 2014, the FTC announced that children’s online entertainment company Fantage.com agreed to settle charges that it deceptively represented, through statements in its online privacy policy, that it … Continue Reading

Data Privacy Day 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet.  Our panel of speakers discussed significant U.S. data privacy and protection events from 2013 and shared thoughts about what’s ahead for … Continue Reading

In with the New: 2014 Privacy, Advertising and Digital Media Predictions

Data privacy and security made the headlines practically daily in 2013.  Our second annual Privacy and Data Protection 2013 Year in Review topped 65 pages! What privacy, advertising and digital media trends will make headlines in 2014? Here are predictions from Of Digital Interest’s U.S. editorial team: User Tracking Law Enforcement in California: “Amendments to … Continue Reading

Privacy and Data Protection: 2013 Year in Review

Privacy and data protection continue to be an exploding area of focus for regulators in the United States and beyond. This report gives in-house counsel and others responsible for privacy and data protection an overview of some of the major developments in this area in 2013 around the globe, as well as a prediction of … Continue Reading

Safe Harbor: Still Alive, Well and Producing Corporate-Wide Privacy Management Programs

More than 4,000 U.S.-based multinational companies have selected the U.S. – E.U. Safe Harbor Program as the preferred compliance mechanism for international data transfers from the E.U. to the U.S.  Recent transatlantic surveillance politics between the European Union and the United States have, however, focused a controversial spotlight on the Safe Harbor Program.  In the world … Continue Reading

Italian Data Protection Authority Releases New Guidelines and Requirements for Customer Call Centres Based Outside the European Union

New legal requirements have been introduced as part of the Italian Data Protection Authority (IDPA) guidelines on the processing of personal data by call centers based outside the European Union. One of the most significant changes is that companies wishing to operate their customer care services via call centres based outside the European Union will now be … Continue Reading
LexBlog