On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of proposed rulemaking that would require reporting to the FTC of certain cybersecurity events. Revisions to the Safeguards Rule Effective since 2003, […]
FTC
Alston & Bird Attorneys Propose Assessing Data Portability in Antitrust Context
In the November 2020 edition of the Competition Policy International Antitrust Chronicle, Georgia Tech professor and Alston & Bird senior counsel Peter Swire and partner John Snyder discuss ways to utilize the Portability and Other Required Transfers Impact Assessment (“PORT-IA”) in the context of antitrust law. The PORT-IA is a structured set of questions based […]
Peter Swire Announced as Key Speaker at FTC Workshop on Data Portability
The Federal Trade Commission (“FTC”) today announced that Peter Swire, Senior Counsel at Alston & Bird LLP and Elizabeth and Thomas Holder Chair at Georgia Tech Scheller College of Business, will deliver a key presentation at the upcoming FTC Workshop on Data Portability (“Workshop”). Data portability refers to the ability of consumers to move data […]
‘Schrems II’ backs the European legal regime into a corner — How can it get out?
On July 16, the Court of Justice of the European Union struck down the EU-U.S. Privacy Shield in the ‘Schrems 2.0’ Case (Facebook Ireland and Schrems (Case C-311/18)). In an article for the International Association of Privacy Professionals, Alston & Bird Senior Counsel Peter Swire analyzes the decision and discusses potential implications, including those relating […]
Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses
Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]