Tag Archives: Max Schrems decision

Irish High Court refers Facebook’s data case to the European Court of Justice

Written by
In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US. The case arose from a complaint [...] Read more

Fourth Circuit Court of Appeals Allows Wikimedia Upstream Suit to Proceed

Written by
On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined as co-plaintiffs. The Court held that Wikimedia’s complaint contained sufficient factual allegations to determine Article III standing and that the District Court misapplied Clapper v. Amnesty International USA’s analysis of [...] Read more

Swiss-U.S. Privacy Shield Finalized

Written by
On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland. The Framework is a successor to the former Swiss-U.S. Safe Harbor framework, which was declared invalid by the Swiss data protection commissioner following the invalidation of Safe Harbor by the European Court of Justice.   U.S. companies may participate in the Framework [...] Read more

EU-US Privacy Shield – FAQs

Written by , and
Today, the European Commission (“EU Commission”) formally approved a new transatlantic framework for the transfer of personal data from Europe to the United States (“U.S.”) (the “Privacy Shield”). Under the EU Commission’s decision approving the new framework ( the “Adequacy Decision”), U.S. organizations participating in the Privacy Shield will be deemed to ensure an “adequate level of protection” for the transfers of personal data from Europe to the U.S.. The Privacy Shield is the result of extensive negotiations between the EU Commission and the U.S. Department of Commerce [...] Read more

EU Institutions Weigh In on Commission’s EU-U.S. Privacy Shield Proposal

Written by
Last week has seen two important developments in relation to the EU-U.S. Privacy Shield (“Privacy Shield”) for transfers of personal information from Europe to the United States. A draft adequacy decision and related documentation for the Privacy Shield were released by the EU Commission on February 29, 2016, and are now being reviewed by the relevant EU bodies. Following an opinion by the consortium of data protection authorities (“DPAs”), the Article 29 Working Party (“WP29”), which called for substantial amendments to the Privacy Shield, the EU Parliament and the European Data [...] Read more

WP 29 Issues Statement on EU-U.S. Privacy Shield

Written by
On the same day that the European Commission debuted the EU-U.S. Privacy Shield, the Article 29 Working Party (WP29) issued a statement welcoming the publication of the draft “adequacy decision” of the European Commission as well as the legal texts that constitute the Privacy Shield arrangement. In accordance with its mission, WP29 said that it would assess the documents in order to give its opinion on the level of protection afforded by the Privacy Shield. The statement also said that subgroups of the Working Party will be engaged to analyze the safeguards provided for in the Privacy Shield [...] Read more

European Commission Debuts EU-U.S. Privacy Shield

Written by
In a development eagerly anticipated by businesses on both sides of the Atlantic, the European Commission has published the legal instruments needed to put in place the “EU-U.S. Privacy Shield” for transfers of personal data from Europe to the United States.  The issued documents include a draft adequacy decision by the Commission finding that the Privacy Shield provides an adequate level of protection for data transferred under the arrangement and a series of annexes that set out the applicable details and procedures as well as commitments undertaken by the U.S. government to ensure the Privacy [...] Read more

Managing the E.U. Data Transfer Landscape

Written by
On January 28, Alston & Bird presented “Practical and Strategic Considerations in Today’s EU Data Transfer Landscape.” The panel addressed new laws and breaking events in European Union data privacy. The panel reviewed the status of talks around a revised “Safe Harbor 2.0” following the invalidation of Safe Harbor last October. The panel offered strategic next steps for dealing with data transfers whether or not U.S. and E.U. officials agree to a revised Safe Harbor framework. (At the time of this post, it appears that a revised Safe Harbor 2.0 framework has been agreed.) Other [...] Read more

EU Working Party Discusses Data Transfer Framework

Written by
Today, the consortium of European data protection authorities, the Article 29 Working Party (“WP29”), released a much awaited statement on the consequences of the European Court of Justice ("ECJ") decision that invalidated the Safe Harbor framework. Companies will be relieved to find that alternative transfer mechanisms, such as Model Contracts or Binding Corporate Rules, are not at risk for the moment. The WP29’s main focus is on the new “EU-US Privacy Shield” that will replace the Safe Harbor framework. While the details of the “EU-US Privacy Shield” have not been published yet, [...] Read more

Examining the Judicial Redress Act

Written by
The proposed Judicial Redress Act has recently been touted as a critical step towards developing a revised “Safe Harbor 2.0" framework. (See our prior posts on Safe Harbor here and here.) This post summarizes the essential provisions of the bill as passed by the House of Representatives and currently pending before the U.S. Senate. As currently drafted, the Judicial Redress Act extends privacy protections and remedies available under the federal Privacy Act to qualifying non-U.S. individuals. The Privacy Act, enacted in 1974, provides individuals with limited rights to review, copy, and request [...] Read more