Managing the E.U. Data Transfer Landscape

Written by
On January 28, Alston & Bird presented “Practical and Strategic Considerations in Today’s EU Data Transfer Landscape.” The panel addressed new laws and breaking events in European Union data privacy. The panel reviewed the status of talks around a revised “Safe Harbor 2.0” following the invalidation of Safe Harbor last October. The panel offered strategic next steps for dealing with data transfers whether or not U.S. and E.U. officials agree to a revised Safe Harbor framework. (At the time of this post, it appears that a revised Safe Harbor 2.0 framework has been agreed.) Other [...] Read more

Article 29 Working Party announces its 2016 Action Plan for GDPR Preparedness

Written by , and
During a press conference held on February 3, 2016, the President of the Article 29 Working Party (“Working Party”) discussed the Working Party’s 2016 action plan concerning the new General Data Protection Regulation (“GDPR”). The action plan lays out the groundwork required to prepare the DPAs for their new role under the GDPR and to ensure a smooth transition as the Working Party, established under the Data Protection Directive, is superseded by the European Data Protection Board (“EDPB”). The EDPB will be tasked mainly with ensuring a coordinated and consistent application of the [...] Read more

EU Working Party Discusses Data Transfer Framework

Written by
Today, the consortium of European data protection authorities, the Article 29 Working Party (“WP29”), released a much awaited statement on the consequences of the European Court of Justice ("ECJ") decision that invalidated the Safe Harbor framework. Companies will be relieved to find that alternative transfer mechanisms, such as Model Contracts or Binding Corporate Rules, are not at risk for the moment. The WP29’s main focus is on the new “EU-US Privacy Shield” that will replace the Safe Harbor framework. While the details of the “EU-US Privacy Shield” have not been published yet, [...] Read more

Revised Safe Harbor Agreed: Introducing the New “EU-U.S. Privacy Shield”

Written by and
European Commission and U.S. officials today announced reaching a “political agreement” on a new Safe Harbor framework. The new framework will be called the “EU-U.S. Privacy Shield.” In a press conference and a press release today, European officials highlighted the following points about the new framework: Limitations on surveillance: Commission officials report that the U.S. has provided “written assurances” that “the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms.” Annual joint [...] Read more

Statement from Peter Swire on Safe Harbor Agreement

Written by
Peter Swire issued the following statement today following news of a revised Safe Harbor framework. Today the European Union and United States announced a new framework for transatlantic data flows, called the EU-US Privacy Shield.   This will update the EU-US Safe Harbor agreement, for which I was part of the negotiating team in 2000.  At the invitation of European Union privacy officials, I testified in December 2015 about “US Surveillance Law, Safe Harbor, and Reforms Since 2013,” available here. The US has made multiple and important reforms to its surveillance law since the Snowden [...] Read more

FTC Updates Website

Written by
The Federal Trade Commission (FTC) has announced updates to the website aimed at making the site more useful to victims of identity theft. The changes will enable consumers to quickly file complaints and develop a personalized recovery plan after answering a number of questions on the site. “Our hope is that this is going to make it much easier for consumers to start on their road to recovery,” FTC Chairwoman Edith Ramirez said during a news conference revealing the changes. “Having one easy set of steps to understand what [the recovery process] entails and getting a [...] Read more

Peter Swire Debates Max Schrems

Written by
As previously announced, Alston & Bird Senior Counsel Peter Swire debated European privacy activist Max Schrems at an event sponsored by the Brussels Privacy Hub. Max Schrems opened the debate by defending the European Court of Justice (ECJ) decision invalidating Safe Harbor, characterizing it as a victory over mass surveillance by the U.S. National Security Agency (NSA). Schrems emphasized, however, that the ECJ decision should not be seen as an anti-American decision and suggested that European surveillance practices themselves may deserve to be further challenged. Peter Swire’s [...] Read more

Examining the Judicial Redress Act

Written by
The proposed Judicial Redress Act has recently been touted as a critical step towards developing a revised “Safe Harbor 2.0" framework. (See our prior posts on Safe Harbor here and here.) This post summarizes the essential provisions of the bill as passed by the House of Representatives and currently pending before the U.S. Senate. As currently drafted, the Judicial Redress Act extends privacy protections and remedies available under the federal Privacy Act to qualifying non-U.S. individuals. The Privacy Act, enacted in 1974, provides individuals with limited rights to review, copy, and request [...] Read more

The Importance of Strategic Vendors in Breach Response

Written by and
Alston & Bird recently issued an Advisory, co-authored by Jim Harvey and Karen Sanzaro, on the complexities of managing a data breach that implicates strategic third party vendor relationships. Cybercrime and data security incidents are on the rise.  Security breaches and the ensuing investigation and remediation process can be costly and complex.  The process is further complicated if the breach implicates a company’s third party service provider, or the services provided by such third party, particularly where the services or the service provider are strategic or essential to a company’s [...] Read more

Civil Liberties Organizations Call on FCC To Regulate Broadband Privacy

Written by
In a letter to the Federal Communications Commission (FCC) made public on January 20, 2016, sixty civil liberties organizations, including the ACLU and the Electronic Frontier Foundation, called on the FCC to use its authority to issue new privacy rules for broadband providers. The letter cites the FCC’s reclassification of broadband as a Title II common carrier service as providing the FCC with authority to issue privacy rules for broadband carriers. In addition, the civil liberties organizations quoted a recent comment by Commissioner Julie Brill of the Federal Trade Commission (FTC) that [...] Read more