Tag Archives: Cross-border

Irish High Court refers Facebook’s data case to the European Court of Justice

Written by
In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US. The case arose from a complaint [...] Read more

Professor Peter Swire Publishes his Expert Testimony from Schrems 2.0

Written by
Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and senior counsel at Alston & Bird, has made public his expert testimony from the landmark Irish High Court Case Data Protection Commissioner v. Facebook Ireland Limited & Maximillian Schrems. Under the Irish Court’s rules, Swire was asked to provide an independent opinion on U.S. surveillance law to assist the Court in its decision. Swire’s testimony highlights U.S. systemic remedies, U.S. individual remedies, Foreign Intelligence Surveillance Court oversight, and the broader implications [...] Read more

WP29’s Guidance on the Lead Supervisory Authority

Written by
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (GDPR).  This is part three of a three-part Alston & Bird series evaluating WP29's positions, and relates to  the “One Stop Shop” mechanism which aims at simplifying the way companies with operations in multiple EU countries interact with the EU supervisory authorities (“SAs”). Part 1 deals with Data Protection Officer Obligations, under the GDPR, while part 2 analyzes guidance on the Right to Data Portability. The [...] Read more

A Brief Overview of the Privacy Shield

Written by
A one page summary is now available to help U.S. organizations initially evaluate whether the Privacy Shield represents a viable mechanism to legitimize their transfer of personal data from the European union. The summary lists the key features and requirements of the Privacy Shield, some of which were contained in the now-invalidated EU-U.S. Safe Harbor Framework, but have been made more stringent. Our Information Security & Privacy Team also is compiling a detailed checklist to help corporations identify the specific requirements to certify for the Privacy Shield. [...] Read more

Updated Schrems ECJ / Safe Harbor Ruling FAQs

Written by
Alston & Bird has published an updated set of Frequently Asked Questions (FAQs) on the decision by the European Court of Justice holding that the U.S.-EU Safe Harbor Framework is invalid (also known as the Schrems decision). The FAQs are designed to help companies that rely on the Safe Harbor Framework understand the scope of the ECJ decision and think through options to continue to move personal data from the European Economic Area to the United States.  Our new version incorporates updates based on developments since October 15.  Please see our original blog entry on the decision here. [...] Read more

A Busy Month for German Data Protection

Written by
The European Court of Justice handed down its Schrems decision invalidating the Safe Harbor mechanism on October 6, 2015.  Since then, companies have been looking to the Data Protection Authorities (DPAs) of EU member states to see how the decision would be interpreted and enforced. As many companies know, Germany is a multifaceted data-protection landscape.  Germany maintains seventeen (17) independent DPAs.  Sixteen of these DPAs are run by the German states (or Länder), and these state-run DPAs are primarily responsible for overseeing private companies.  The remaining DPA is run by Germany’s [...] Read more

European Commission Releases Communication on Schrems and Safe Harbor 2.0

Written by and
On November 6, 2015, the European Commission released a widely-anticipated Communication assessing the impact of the judgment of the European Court of Justice (“ECJ”) in the Schrems case (C-362/14), which invalidated the U.S.-EU Safe Harbor framework.  Though the Communication is not legally binding, it provides useful guidance to companies on transfers of personal data to the United States in the absence of the Safe Harbor mechanism. The Commission’s Communication is consistent with analysis and approach outlined by the European data protection authorities (“DPA”) in their October [...] Read more

Jan Dhont Authors Corporate Counsel Article on Safe Harbor Decision

Written by
Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice authored the Corporate Counsel article, “The Sinking of the Safe Harbor: Just Another Symbolic Decision?”  In the article, Dhont discusses the concerns and uncertainty stemming from the October 6 European Court of Justice strike-down of Safe Harbor, and where companies may go from here.  This ruling is a matter of global concern and may actually result in less privacy for individuals, not more. Dhont notes that while there are mid- to long-term solutions to take the place of Safe Harbor, [...] Read more

Article 29 Working Party Calls for Political Action

Written by and
In a concise statement, the Article 29 Working Party (WP29), a consortium of European Data Protection Authorities (DPAs), released a position paper today about the landmark ruling of the European Court of Justice in Maximilian Schrems v. Data Protection Commissioner (C-362-14). WP29 makes a political call on the EU Member States to finalize discussions with the US authorities on a political and legal solution for the transfer of personal information from the EU to the US.  The solution should ensure that strong guarantees are provided to EU data subjects against US surveillance.   WP29 calls [...] Read more

A Discussion with FTC Commissioner Julie Brill: The Future of Trans-Atlantic Privacy

Written by
On October 20, Alston & Bird will host a panel discussion with FTC Commissioner Julie Brill. The event will be broadcast as a webinar. Commissioner Brill will discuss the future of U.S. – European privacy with Brussels Partner Jan Dhont and Senior Counsel Peter Swire. The discussion will be moderated by Partner Jim Harvey. This timely discussion with Commissioner Brill follows the European Court of Justice’s rejection of the Safe Harbor framework in the judgment issued on October 6. That rejection affects thousands of businesses engaged in E.U. – U.S. data transfers. Meanwhile, the [...] Read more