Tag Archives: Cross-border

WP29’s Guidance on the Lead Supervisory Authority

Written by
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation (GDPR).  This is part three of a three-part Alston & Bird series evaluating WP29's positions, and relates to  the “One Stop Shop” mechanism which aims at simplifying the way companies with operations in multiple EU countries interact with the EU supervisory authorities (“SAs”). Part 1 deals with Data Protection Officer Obligations, under the GDPR, while part 2 analyzes guidance on the Right to Data Portability. The [...] Read more

A Brief Overview of the Privacy Shield

Written by
A one page summary is now available to help U.S. organizations initially evaluate whether the Privacy Shield represents a viable mechanism to legitimize their transfer of personal data from the European union. The summary lists the key features and requirements of the Privacy Shield, some of which were contained in the now-invalidated EU-U.S. Safe Harbor Framework, but have been made more stringent. Our Information Security & Privacy Team also is compiling a detailed checklist to help corporations identify the specific requirements to certify for the Privacy Shield. [...] Read more

Updated Schrems ECJ / Safe Harbor Ruling FAQs

Written by
Alston & Bird has published an updated set of Frequently Asked Questions (FAQs) on the decision by the European Court of Justice holding that the U.S.-EU Safe Harbor Framework is invalid (also known as the Schrems decision). The FAQs are designed to help companies that rely on the Safe Harbor Framework understand the scope of the ECJ decision and think through options to continue to move personal data from the European Economic Area to the United States.  Our new version incorporates updates based on developments since October 15.  Please see our original blog entry on the decision here. [...] Read more

A Busy Month for German Data Protection

Written by
The European Court of Justice handed down its Schrems decision invalidating the Safe Harbor mechanism on October 6, 2015.  Since then, companies have been looking to the Data Protection Authorities (DPAs) of EU member states to see how the decision would be interpreted and enforced. As many companies know, Germany is a multifaceted data-protection landscape.  Germany maintains seventeen (17) independent DPAs.  Sixteen of these DPAs are run by the German states (or Länder), and these state-run DPAs are primarily responsible for overseeing private companies.  The remaining DPA is run by Germany’s [...] Read more

European Commission Releases Communication on Schrems and Safe Harbor 2.0

Written by and
On November 6, 2015, the European Commission released a widely-anticipated Communication assessing the impact of the judgment of the European Court of Justice (“ECJ”) in the Schrems case (C-362/14), which invalidated the U.S.-EU Safe Harbor framework.  Though the Communication is not legally binding, it provides useful guidance to companies on transfers of personal data to the United States in the absence of the Safe Harbor mechanism. The Commission’s Communication is consistent with analysis and approach outlined by the European data protection authorities (“DPA”) in their October [...] Read more

Jan Dhont Authors Corporate Counsel Article on Safe Harbor Decision

Written by
Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice authored the Corporate Counsel article, “The Sinking of the Safe Harbor: Just Another Symbolic Decision?”  In the article, Dhont discusses the concerns and uncertainty stemming from the October 6 European Court of Justice strike-down of Safe Harbor, and where companies may go from here.  This ruling is a matter of global concern and may actually result in less privacy for individuals, not more. Dhont notes that while there are mid- to long-term solutions to take the place of Safe Harbor, [...] Read more

Article 29 Working Party Calls for Political Action

Written by and
In a concise statement, the Article 29 Working Party (WP29), a consortium of European Data Protection Authorities (DPAs), released a position paper today about the landmark ruling of the European Court of Justice in Maximilian Schrems v. Data Protection Commissioner (C-362-14). WP29 makes a political call on the EU Member States to finalize discussions with the US authorities on a political and legal solution for the transfer of personal information from the EU to the US.  The solution should ensure that strong guarantees are provided to EU data subjects against US surveillance.   WP29 calls [...] Read more

A Discussion with FTC Commissioner Julie Brill: The Future of Trans-Atlantic Privacy

Written by
On October 20, Alston & Bird will host a panel discussion with FTC Commissioner Julie Brill. The event will be broadcast as a webinar. Commissioner Brill will discuss the future of U.S. – European privacy with Brussels Partner Jan Dhont and Senior Counsel Peter Swire. The discussion will be moderated by Partner Jim Harvey. This timely discussion with Commissioner Brill follows the European Court of Justice’s rejection of the Safe Harbor framework in the judgment issued on October 6. That rejection affects thousands of businesses engaged in E.U. – U.S. data transfers. Meanwhile, the [...] Read more

David Keating Quoted on Law360 about Data Transfer Issues After Safe Harbor is Invalidated

Written by
David Keating, partner and co-leader of the firm’s Privacy & Data Security practice, was quoted on Law360 regarding the practical impact on companies of the decision of the European Court of Justice (ECJ) invalidating the EU-U.S. Safe Harbor program for transfers of personal data. The ECJ decision requires companies to evaluate the mechanisms they and their vendors use to move data out of the European Union and the European Economic Area. One option that is being discussed by the commentators is to secure individual data subject consents.  David points out that this approach may [...] Read more

European Court of Justice Strikes Down Safe Harbor

Written by
In a momentous judgment, the European Court of Justice (“ECJ”) today invalidated the European Commission’s decision establishing the E.U.-US Safe Harbor for transfers of personal data (“Safe Harbor Decision”).  The ruling was made with record dispatch, following on an Advocate General Opinion recommending invalidation that was delivered to the Court only two weeks ago. Facts of the case: In the wake of the 2013 Snowden revelations, Maximilian Schrems, an Austrian citizen, privacy activist, and Facebook user, lodged a complaint with Ireland's Data Privacy Authority (“DPA”), [...] Read more