President Obama Announces Cybersecurity National Action Plan

Written by
On February 9, 2016, President Barack Obama unveiled his new Cybersecurity National Action Plan (CNAP), a comprehensive approach to confront cybersecurity challenges. As articulated in the CNAP Fact Sheet released by the White House, CNAP takes “near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” Below are a few highlights of CNAP. Commission on Enhancing National Cybersecurity On [...] Read more

Managing the E.U. Data Transfer Landscape

Written by
On January 28, Alston & Bird presented “Practical and Strategic Considerations in Today’s EU Data Transfer Landscape.” The panel addressed new laws and breaking events in European Union data privacy. The panel reviewed the status of talks around a revised “Safe Harbor 2.0” following the invalidation of Safe Harbor last October. The panel offered strategic next steps for dealing with data transfers whether or not U.S. and E.U. officials agree to a revised Safe Harbor framework. (At the time of this post, it appears that a revised Safe Harbor 2.0 framework has been agreed.) Other [...] Read more

Article 29 Working Party announces its 2016 Action Plan for GDPR Preparedness

Written by , and
During a press conference held on February 3, 2016, the President of the Article 29 Working Party (“Working Party”) discussed the Working Party’s 2016 action plan concerning the new General Data Protection Regulation (“GDPR”). The action plan lays out the groundwork required to prepare the DPAs for their new role under the GDPR and to ensure a smooth transition as the Working Party, established under the Data Protection Directive, is superseded by the European Data Protection Board (“EDPB”). The EDPB will be tasked mainly with ensuring a coordinated and consistent application of the [...] Read more

EU Working Party Discusses Data Transfer Framework

Written by
Today, the consortium of European data protection authorities, the Article 29 Working Party (“WP29”), released a much awaited statement on the consequences of the European Court of Justice ("ECJ") decision that invalidated the Safe Harbor framework. Companies will be relieved to find that alternative transfer mechanisms, such as Model Contracts or Binding Corporate Rules, are not at risk for the moment. The WP29’s main focus is on the new “EU-US Privacy Shield” that will replace the Safe Harbor framework. While the details of the “EU-US Privacy Shield” have not been published yet, [...] Read more

Revised Safe Harbor Agreed: Introducing the New “EU-U.S. Privacy Shield”

Written by and
European Commission and U.S. officials today announced reaching a “political agreement” on a new Safe Harbor framework. The new framework will be called the “EU-U.S. Privacy Shield.” In a press conference and a press release today, European officials highlighted the following points about the new framework: Limitations on surveillance: Commission officials report that the U.S. has provided “written assurances” that “the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms.” Annual joint [...] Read more

Statement from Peter Swire on Safe Harbor Agreement

Written by
Peter Swire issued the following statement today following news of a revised Safe Harbor framework. Today the European Union and United States announced a new framework for transatlantic data flows, called the EU-US Privacy Shield.   This will update the EU-US Safe Harbor agreement, for which I was part of the negotiating team in 2000.  At the invitation of European Union privacy officials, I testified in December 2015 about “US Surveillance Law, Safe Harbor, and Reforms Since 2013,” available here. The US has made multiple and important reforms to its surveillance law since the Snowden [...] Read more

FTC Updates Website

Written by
The Federal Trade Commission (FTC) has announced updates to the website aimed at making the site more useful to victims of identity theft. The changes will enable consumers to quickly file complaints and develop a personalized recovery plan after answering a number of questions on the site. “Our hope is that this is going to make it much easier for consumers to start on their road to recovery,” FTC Chairwoman Edith Ramirez said during a news conference revealing the changes. “Having one easy set of steps to understand what [the recovery process] entails and getting a [...] Read more

Peter Swire Debates Max Schrems

Written by
As previously announced, Alston & Bird Senior Counsel Peter Swire debated European privacy activist Max Schrems at an event sponsored by the Brussels Privacy Hub. Max Schrems opened the debate by defending the European Court of Justice (ECJ) decision invalidating Safe Harbor, characterizing it as a victory over mass surveillance by the U.S. National Security Agency (NSA). Schrems emphasized, however, that the ECJ decision should not be seen as an anti-American decision and suggested that European surveillance practices themselves may deserve to be further challenged. Peter Swire’s [...] Read more

Examining the Judicial Redress Act

Written by
The proposed Judicial Redress Act has recently been touted as a critical step towards developing a revised “Safe Harbor 2.0" framework. (See our prior posts on Safe Harbor here and here.) This post summarizes the essential provisions of the bill as passed by the House of Representatives and currently pending before the U.S. Senate. As currently drafted, the Judicial Redress Act extends privacy protections and remedies available under the federal Privacy Act to qualifying non-U.S. individuals. The Privacy Act, enacted in 1974, provides individuals with limited rights to review, copy, and request [...] Read more

The Importance of Strategic Vendors in Breach Response

Written by and
Alston & Bird recently issued an Advisory, co-authored by Jim Harvey and Karen Sanzaro, on the complexities of managing a data breach that implicates strategic third party vendor relationships. Cybercrime and data security incidents are on the rise.  Security breaches and the ensuing investigation and remediation process can be costly and complex.  The process is further complicated if the breach implicates a company’s third party service provider, or the services provided by such third party, particularly where the services or the service provider are strategic or essential to a company’s [...] Read more