On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield, a principal legal method for the transfer of personal data from the EU to the United States. The CJEU ruling further cast doubt on the standard contractual clauses, the other means of effecting such international transfers. In […]
Privacy & Cyber Regulatory Enforcement
EU DPAs Announce Post-Schrems Enforcement Plans
Today, the European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard Contractual Clauses (SCCs) formally intact – although relying on SCCs may become more complicated than in the past. A number […]
Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses
Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]
California Amends Bill to Extend Exemptions for Employment and Business-to-Business Information under the CCPA
Even as enforcement of the California Consumer Privacy Act (the “CCPA”) begins, there is uncertainty as to whether and when employment information and business-to-business data will become fully subject to the CCPA. On Thursday, June 25, the California state Senate amended Assembly Bill 1281 (“AB 1281”) to extend until January 1, 2022 exemptions from the […]
California Privacy Rights Act (CPRA) Will be on November Ballot
The California Secretary of State has announced that the California Privacy Rights Act (CPRA) will be on California’s November 3, 2020 ballot. If approved by California voters, the CPRA would significantly update and amend the California Consumer Privacy Act (CCPA) that went into effect at the beginning of this year. The organization that submitted the […]