On Thursday, March 25, 2021, U.S. Secretary of Commerce Gina Raimondo and European Commissioner for Justice Didier Reynders released a joint press statement regarding the intensifying negotiations on an “enhanced” EU-U.S. Privacy Shield framework to comply with the Schrems II decision. The press release emphasized their “shared commitment to privacy, data protection and the rule…
Following a reassessment of the Swiss-U.S. Privacy Shield framework, Adrian Lobsiger, the Federal Data Protection and Information Commissioner of Switzerland (Commissioner), has downgraded the U.S. ranking in terms of its data protection practices. The Commissioner concluded in his policy paper of September 8, 2020, that the Swiss-U.S. Privacy Shield, does not provide “adequate protection under certain circumstances.”
In the wake of the Court of Justice of the European Union’s (CJEU or Court) Schrems II decision invalidating the Privacy Shield but upholding Standard Contractual Clauses (SCCs), many EU Data Protection Authorities (DPAs) have provided initial thoughts and reactions to the decision and indications that guidance from such DPAs will be forthcoming. Below, we…
Roughly a week after the Court of Justice of the European Union’s (CJEU or Court) Schrems II decision was released, the European Data Protection Board (EDPB) published Guidance addressing some frequently asked questions received by Data Protection Authorities (DPAs). Key points from the EDPB’s Guidance include the following: Implications on Other Transfer Mechanisms. The threshold…
Yesterday, the Court of Justice of the European Union (“CJEU” or “Court”) reached a landmark decision in the Schrems II case (case C-311/18) (the “Schrems II Decision”) invalidating the EU-U.S. Privacy Shield framework. The following are our top takeaways from the CJEU’s decision: Invalidation of the Privacy Shield in its entirety, effective immediately. The CJEU…
In September of 2018, the Federal Trade Commission filed complaints against four companies for falsely claiming to be certified under the EU-U.S. Privacy Shield, alleging such acts constituted deceptive acts or practices violating Section 5(a) of the Federal Trade Commission Act. One company claimed on its website that it “complies with the EU-U.S. Privacy [S]hield framework”…
Laura Clark Fey, CIPP/US, CIPP/E, CIPM, FIP, Principal of Fey LLC, will speak at the IAPP Denver KnowledgeNet on “Third-Party Vendor Selection and Contracting: Limiting Risk under the Privacy Shield, GDPR, and Privacy Regulations Worldwide.” She will co-present with Jennifer Mullins, CIPP/E, General Counsel of SafeGuard World International. We have inserted more information on this…
If your company plans to join the Privacy Shield, if possible, you should try to self-certify by September 30, 2016. By doing so, you will be able to take advantage of a nine-month grace period to bring existing third-party relationships in conformance with the Accountability for Onward Transfer Principle. Why is this nine-month grace period…
Yesterday, the Article 29 Working Party (“Working Party”) released a statement concerning the final version of the EU-U.S. Privacy Shield. Yesterday’s statement from the Working Party is generally more favorable than its April opinion on the previous draft Privacy Shield. Here are our key takeaways from yesterday’s press release: The Working Party Considers the Privacy…
(913)948-6300 
