Category Archives: Privacy Shield

Challenge to Privacy Shield Dismissed by EU General Court

Written by
In October of last year, we reported that digital rights advocacy group Digital Rights Ireland (“DRI”) had brought an action to annul the EU-U.S. Privacy Shield.  DRI filed its challenge before the General Court of the European Union, which is the court of first instance in the EU system with exclusive jurisdiction over challenges to the validity of EU legal acts.  Last week, the General Court dismissed DRI’s challenge, meaning that Privacy Shield remains valid and in force. DRI based its Privacy Shield suit on Article 263 of the Treaty on the Functioning of the European Union (TFEU), [...] Read more

Irish High Court refers Facebook’s data case to the European Court of Justice

Written by
In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US. The case arose from a complaint [...] Read more

FTC Announces First Privacy Shield Enforcement Actions

Written by
The Federal Trade Commission recently announced that it had settled charges against three companies alleged to have falsely claimed participation in Privacy Shield. Privacy Shield supports EU – U.S. transfers of personal data by helping U.S. companies demonstrate compliance with European Union data transfer rules. Companies participating in the program commit to meet specific program requirements designed to protect and limit use of personal data. These requirements include notice, choice, controls on onward transfers of data, independent recourse, and data security. Privacy Shield also requires [...] Read more

Professor Peter Swire Publishes his Expert Testimony from Schrems 2.0

Written by
Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and senior counsel at Alston & Bird, has made public his expert testimony from the landmark Irish High Court Case Data Protection Commissioner v. Facebook Ireland Limited & Maximillian Schrems. Under the Irish Court’s rules, Swire was asked to provide an independent opinion on U.S. surveillance law to assist the Court in its decision. Swire’s testimony highlights U.S. systemic remedies, U.S. individual remedies, Foreign Intelligence Surveillance Court oversight, and the broader implications [...] Read more

German DPAs to Survey Transfers in 500 Companies – with English Translation of DPA Questionnaire

Written by
Late last week, 10 of Germany’s 17 Data Protection Authorities (DPAs) announced they are planning to send written questionnaires to approximately 500 different companies regarding international data transfers.  The following provides a brief overview of the situation, as well as an English translation of the questionnaire, for companies who are potentially affected. This summary refers to the German DPA questionnaire as a “survey.”  In press releases and interviews, the German DPAs have been careful to state that the questionnaire is not an audit or enforcement action.  Additionally, [...] Read more

EU-U.S. Privacy Shield Faces Judicial Attack

Written by
The EU-U.S. Privacy Shield (“Privacy Shield”) is already under challenge before the European courts, after having been approved only some months ago by the European Commission (“EU Commission”). The European courts’ website records that an action for annulment has been brought by Digital Rights Ireland, the privacy and digital rights advocacy organization, before the General Court of the European Union.  A spokesperson for the court has confirmed that Digital Rights Ireland’s application seeks annulment of the EU Commission’s July 12, 2016 Privacy Shield decision, which found [...] Read more

Department of Commerce Announces First Privacy Shield Participants

Written by
Over the weekend, the Department of Commerce’s Privacy Shield website was updated to show the first participants in the U.S.-EU Privacy Shield.  In total, about 45 companies have registered for Privacy Shield.  Prominent examples include Microsoft Corp. (along with 20 subsidiaries), Salesforce, and corporate-travel giant World Travel, Inc. Companies with questions about Privacy Shield are welcomed to visit our detailed Privacy Shield FAQs. Alston & Bird is closely following the development of Privacy Shield and advising companies on all aspects of EU data protection compliance.  [...] Read more

German DPAs Will Not Be Able to Challenge Privacy Shield this Year

Written by
Even before the ECJ’s Schrems decision invalidated Safe Harbor, the European Commission had begun working closely with US negotiators to craft what has become the U.S.-EU Privacy Shield.  While EU privacy leaders have noted that Privacy Shield represents important improvements in data protection, some German DPAs have voiced a desire to challenge Privacy Shield in court.  This desire is not necessarily uniform; Germany has 16 state and one federal DPA, and their approaches to particular issues can diverge.  Nonetheless, as we reported last year, at least one German DPA has taken the position [...] Read more

EU Commission Publishes Long-Awaited Privacy Shield Citizen’s Guide

Written by
Just over two weeks ago, the European Commission formally adopted the US-EU Privacy Shield.  As part of making Privacy Shield accessible to EU residents, the Commission has long planned to issue a "Citizen's Guide" to the rights and remedies EU residents enjoy when data is transferred to certified Privacy Shield organizations.  (A leader in the Commission's Directorate-General for Justice and Consumers announced that a Citizen's Guide was in the works at an event Alston & Bird co-hosted back in March.) Today, the Commission released its "Guide to the EU-U.S. Privacy Shield" for EU residents [...] Read more

Join Our Roadmap to the GDPR Webinar: Outsourcing & Processors — with Brexit

Written by
Alston & Bird invites you to join us for the third program in our Roadmap to the GDPR webinar series: Brexit Analysis, Outsourcing & Processors.  Our GDPR Roadmap series provides you with the critical information you need to assess and address the myriad issues raised by the passage and implementation of the GDPR.  This webinar will be held on Thursday, July 14, 2016 at 1:00 pm EST. To register for this program, please click here. The speakers for this event are Alston & Bird attorneys Peter Swire, Jan Dhont, and Karen Sanzaro.  This session will cover the following [...] Read more