Regulation

The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation

July 27, 2020 By Kimberly Peretti, Amy Mushahwar and Dorian Simmons

On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]

European Data Protection Board Statement Provides Preliminary Insight into Use of Standard Contractual Clauses Following Schrems II Judgment

July 20, 2020 By Wim Nauwelaerts and Paul Greaves

On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment invalidated the EU-U.S. Privacy Shield, and issued a number of clarifications and caveats on the use of Standard […]

Geopolitical Implications of the European Court’s Schrems II Decision

July 17, 2020 By Aaron Wasser

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield, a principal legal method for the transfer of personal data from the EU to the United States. The CJEU ruling further cast doubt on the standard contractual clauses, the other means of effecting such international transfers. In […]

EU DPAs Announce Post-Schrems Enforcement Plans

July 16, 2020 By Daniel Felz

Today, the European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard Contractual Clauses (SCCs) formally intact – although relying on SCCs may become more complicated than in the past. A number […]