Just under a year ago today, the European Court of Justice (ECJ) issued its Schrems decision, which invalidated Safe Harbor and led to substantial developments in US-EU data-transfer mechanisms. In parallel to the ECJ Safe Harbor litigation, Mr. Schrems has maintained two further legal proceedings in the EU: (1) a challenge in the Irish courts […]
German DPAs to Create Model Processing Records for GDPR Compliance
On May 25, 2018, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of processing activities. Under Article 30 GDPR, companies will need to inventory all “processing activities under [their] responsibility” and memorialize them […]
Department of Commerce Announces First Privacy Shield Participants
Over the weekend, the Department of Commerce’s Privacy Shield website was updated to show the first participants in the U.S.-EU Privacy Shield. In total, about 45 companies have registered for Privacy Shield. Prominent examples include Microsoft Corp. (along with 20 subsidiaries), Salesforce, and corporate-travel giant World Travel, Inc. Companies with questions about Privacy Shield are […]
German DPAs Will Not Be Able to Challenge Privacy Shield this Year
Even before the ECJ’s Schrems decision invalidated Safe Harbor, the European Commission had begun working closely with US negotiators to craft what has become the U.S.-EU Privacy Shield. While EU privacy leaders have noted that Privacy Shield represents important improvements in data protection, some German DPAs have voiced a desire to challenge Privacy Shield in […]
EU Commission Publishes Long-Awaited Privacy Shield Citizen’s Guide
Just over two weeks ago, the European Commission formally adopted the US-EU Privacy Shield. As part of making Privacy Shield accessible to EU residents, the Commission has long planned to issue a “Citizen’s Guide” to the rights and remedies EU residents enjoy when data is transferred to certified Privacy Shield organizations. (A leader in the Commission’s Directorate-General […]