Author Archives: Daniel Felz

Daniel Felz
Daniel Felz is an associate in the firm’s Litigation & Trial Practice Group. Daniel focuses his practice on international litigation, trade and regulation, with particular emphasis on multijurisdictional litigation, complex transactions and class actions.  Read More

Challenge to Privacy Shield Dismissed by EU General Court

Written by
In October of last year, we reported that digital rights advocacy group Digital Rights Ireland (“DRI”) had brought an action to annul the EU-U.S. Privacy Shield.  DRI filed its challenge before the General Court of the European Union, which is the court of first instance in the EU system with exclusive jurisdiction over challenges to the validity of EU legal acts.  Last week, the General Court dismissed DRI’s challenge, meaning that Privacy Shield remains valid and in force. DRI based its Privacy Shield suit on Article 263 of the Treaty on the Functioning of the European Union (TFEU), [...] Read more

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 5 of 5

Written by
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 4 of 5

Written by
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 3 of 5

Written by
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 2 of 5

Written by
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 1 of 5

Written by
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

Germany Proposes Bill Requiring Social Network Takedowns – with € 50 Million Fines

Written by
Recent media reports indicated that Germany was considering legislation that would fine social networks for failing to combat fake news and hate speech.  Today, German Justice Minister Heiko Maas introduced a “Draft Law to Improve Law Enforcement in Social Networks” (abbreviated as the Network Enforcement Act (Netzwerkdurchsetzungsgesetz), or “NetzDG”).  The NetzDG aims to curb “hate-based criminality” in large social networks that have the potential to drive public opinion, and to improve law enforcement access to evidence held by social networks.  The Justice Department’s NetzDG [...] Read more

Spanish Ministry of Justice Launches Public Consultation on GDPR

Written by and
On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before the drafting of a new bill implementing the General Data Protection Regulation (“GDPR”).  The press release clarifies that although the GDPR has direct effect in the European Member States, its implementation into Spanish law is not a straightforward exercise because (i) the obligations in existing data protection legislation need to be maintained or amended (as the case may be), and (ii) other sector specific laws containing provisions on data protection need to be updated.  A [...] Read more

WP29 Releases Extensive Guidance on DPO Obligations; Companies Need to Start Planning Now

Written by
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (GDPR).  This is part one of a three-part Alston & Bird series evaluating WP29's positions, and relates to Data Protection Officer obligations under the GDPR.  Part 2 deals with the Right to Data Portability, while Part 3 analyzes guidance on the Lead Supervisory Authority mechanism. The GDPR mandates that companies appoint a Data Protection Officer (DPO) in certain circumstances.  DPOs have been a fixture [...] Read more

EU Releases Amendments to Model Clause and Country-Whitelisting Decisions – with Good News for Companies

Written by
Most privacy professionals are familiar with the European Court of Justice’s 2015 Schrems decision, which struck down the US-EU Safe Harbor mechanism.  One lesser-discussed aspect of the ECJ’s decision related to the powers of Data Protection Authorities (DPAs) within the EU’s Member States.  In the Schrems proceedings, the Irish Data Protection Commission argued that it had no authority to suspend or restrict transfers based on Safe Harbor because Safe Harbor was a decision by the EU Commission.  The ECJ rejected this argument, holding that the Commission cannot restrict DPAs’ ability [...] Read more