Swiss Data Commissioner Downgrades U.S. for Inadequate Personal Data Protection
202009.09
0

Swiss Data Commissioner Downgrades U.S. for Inadequate Personal Data Protection

in Cross-Border Data Transfers, Data Privacy, Data Security, Privacy Shield

Following a reassessment of the Swiss-U.S. Privacy Shield framework, Adrian Lobsiger, the Federal Data Protection and Information Commissioner of Switzerland (Commissioner), has downgraded the U.S. ranking in terms of its data protection practices. The Commissioner concluded in his policy paper of September 8, 2020, that the Swiss-U.S. Privacy Shield, does not provide “adequate protection under certain circumstances.”  

Schrems II: Reactions and Preliminary Guidance from Data Protection Authorities
202007.31
0

Schrems II: Reactions and Preliminary Guidance from Data Protection Authorities

in Cross-Border Data Transfers, Privacy Shield

In the wake of the Court of Justice of the European Union’s (CJEU or Court) Schrems II decision invalidating the Privacy Shield but upholding Standard Contractual Clauses (SCCs), many EU Data Protection Authorities (DPAs) have provided initial thoughts and reactions to the decision and indications that guidance from such DPAs will be forthcoming.  Below, we…

Key Takeaways from European Data Protection Board’s Schrems II Guidance
202007.30
0

Key Takeaways from European Data Protection Board’s Schrems II Guidance

in Cross-Border Data Transfers, Privacy Shield

Roughly a week after the Court of Justice of the European Union’s (CJEU or Court) Schrems II decision was released, the European Data Protection Board (EDPB) published Guidance addressing some frequently asked questions received by Data Protection Authorities (DPAs).  Key points from the EDPB’s Guidance include the following: Implications on Other Transfer Mechanisms.  The threshold…

EU High Court Invalidates Privacy Shield, SCC’s Survive (for Now): What Organizations Seeking to Transfer EU Personal Data to the U.S. (and Elsewhere) Should Do Next
202007.17
0

EU High Court Invalidates Privacy Shield, SCC’s Survive (for Now): What Organizations Seeking to Transfer EU Personal Data to the U.S. (and Elsewhere) Should Do Next

in Cross-Border Data Transfers, Privacy Shield

Yesterday, the Court of Justice of the European Union (“CJEU” or “Court”) reached a landmark decision in the Schrems II case (case C-311/18) (the “Schrems II Decision”) invalidating the EU-U.S. Privacy Shield framework.  The following are our top takeaways from the CJEU’s decision: Invalidation of the Privacy Shield in its entirety, effective immediately.  The CJEU…

FTC Settles with Four Companies Falsely Claiming Current Participation in EU-U.S. Privacy Shield
201811.19
0

FTC Settles with Four Companies Falsely Claiming Current Participation in EU-U.S. Privacy Shield

in Cross-Border Data Transfers, Data Privacy, Privacy Shield

In September of 2018, the Federal Trade Commission filed complaints against four companies for falsely claiming to be certified under the EU-U.S. Privacy Shield, alleging such acts constituted deceptive acts or practices violating Section 5(a) of the Federal Trade Commission Act.  One company claimed on its website that it “complies with the EU-U.S. Privacy [S]hield framework”…

201709.06
0

Laura Clark Fey to Present on Third-Party Vendor Contracting at IAPP KnowledgeNet in Denver

in Data Privacy, GDPR, Privacy Shield

Laura Clark Fey, CIPP/US, CIPP/E, CIPM, FIP, Principal of Fey LLC, will speak at the IAPP Denver KnowledgeNet on “Third-Party Vendor Selection and Contracting:  Limiting Risk under the Privacy Shield, GDPR, and Privacy Regulations Worldwide.” She will co-present with Jennifer Mullins, CIPP/E, General Counsel of SafeGuard World International. We have inserted more information on this…

201609.01
0

Reason to Move Onward: The Privacy Shield’s Limited-Time-Only Grace Period

in Cross-Border Data Transfers, Data Privacy, Privacy Shield

If your company plans to join the Privacy Shield, if possible, you should try to self-certify by September 30, 2016.  By doing so, you will be able to take advantage of a nine-month grace period to bring existing third-party relationships in conformance with the Accountability for Onward Transfer Principle.  Why is this nine-month grace period…

201607.27
0

Article 29 Working Party Releases Statement on Final EU-U.S. Privacy Shield

in Cross-Border Data Transfers, Data Privacy, Privacy Shield

Yesterday, the Article 29 Working Party (“Working Party”) released a statement concerning the final version of the EU-U.S. Privacy Shield.  Yesterday’s statement from the Working Party is generally more favorable than its April opinion on the previous draft Privacy Shield.  Here are our key takeaways from yesterday’s press release: The Working Party Considers the Privacy…