Data Protection

After Schrems II: A Proposal to Meet the Individual Redress Challenge

August 18, 2020 By Paul Greaves

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield in the Schrems II case. In an article written by Georgia Tech professor and Alston & Bird Senior Counsel Peter Swire with co-author Kenneth Propp, entitled ‘After Schrems II: A Proposal to Meet the Individual Redress Challenge’, […]

EDPB Guidance on the Schrems II Ruling: An Early Response to the Cry for Clarity

August 5, 2020 By Wim Nauwelaerts, Yung Shin Van Der Sype and Paul Greaves

(This blog post summarizes Wim Nauwelaerts’ (Alston & Bird), Early EDPB Guidance in the Wake of Schrems II – Where E.U.-U.S. Data Transfers Are Headed, Cybersecurity Law Report, Aug. 5, 2020) On July 23, 2020, the European Data Protection Board (EDPB) adopted its first set of guidelines on the Schrems II judgment of the Court […]

The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation

July 27, 2020 By Kimberly Peretti, Amy Mushahwar and Dorian Simmons

On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]

EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

July 23, 2020 By Yung Shin Van Der Sype, Paul Greaves and Wim Nauwelaerts

On July 22, 2020, the European Data Protection Board (‘EDPB’) released an information note on Binding Corporate Rules (‘BCRs’), which provides guidance for groups of undertakings/enterprises which have the UK ICO as their competent supervisory authority (‘BCR Lead SA’) [1]. Binding Corporate Rules are a means of legitimizing transfers of personal data outside of the […]

European Data Protection Board Statement Provides Preliminary Insight into Use of Standard Contractual Clauses Following Schrems II Judgment

July 20, 2020 By Wim Nauwelaerts and Paul Greaves

On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment invalidated the EU-U.S. Privacy Shield, and issued a number of clarifications and caveats on the use of Standard […]