Cross-border

Alston & Bird Hosts Webinar on Binding Corporate Rules – The Benefits Go Far Beyond Data Transfers

Written by

Binding corporate rules (BCRs) are a legally recognized mechanism that facilitate intra-group transfers of personal data from the European Economic Area (EEA) to the rest of the world. Adopting BCRs not only allows for the free flow of information across an organization but also builds a strong digital culture which is crucial in this data intensive world. On Nov. 7th at 1-2 pm ET, join partners Jan Dhont and Jim Harvey, and senior counsel Peter Swire in an engaging discussion on the evolution of BCRs, the path to BCRs (including the application process), and the realities of embedding the elements […] Read more

India’s Draft Data Protection Bill: Another GDPR Around The Corner?

Written by

India recently introduced the Personal Data Protection Bill 2018 (“Bill”). The transfer of personal data in India is currently governed by the SPD Rules (Sensitive Personal Data and Information, 2011), which is however considered outdated and not fully protective of personal data. The Bill comes as a result of the country’s Supreme Court recent judgment that declared privacy a fundamental right of an individual. The Srikrishma Committee (“Committee”) was responsible for drafting the Bill and coined a legal framework that is aimed to shape the country’s digital agenda. The Committee […] Read more

European Parliament Calls to Suspend Privacy Shield

Written by

On the heels of the Committee on Civil Liberties, Justice and Home Affairs’ (LIBE) recent resolution, the full European Parliament on July 5 adopted a resolution calling for the suspension of the EU-U.S. Privacy Shield agreement if the U.S. fails to comply in full by September 1, 2018.  With a vote of 303 in favor and 223 opposed with 29 abstentions, the Parliament passed the resolution and stated concerns about the enforcement of the Privacy Shield framework and about U.S. surveillance and privacy law generally.  Regarding the resolution, LIBE Chair and rapporteur Claude Moraes said “[t]his [...] Read more

GDPR Fragmentation May Appear More Significant than Intended

Written by

With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only 30% of Member States have effectively passed legislation, which still leaves the legal landscape to be precarious. The GDPR allows for deviations and specifications in several areas, for instance to introduce specific conditions or limitations for the processing of biometric, genetic, or health data; to create specific protection regimes for employee data; or to restrict the rights the GDPR grants to individuals. [...] Read more

European Parliament’s Civil Liberties Committee Targets EU-U.S. Privacy Shield, Cloud Act

Written by

On June 12, 2018, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed a resolution calling on the European Commission to suspend the EU-U.S. Privacy Shield unless the U.S. fully complies with the framework’s requirements by September 1, 2018.  With a vote of 29 votes in favor, 25 opposed, and 3 abstentions the LIBE passed the draft resolution calling on the European Commission to (1) ensure that the Privacy Shield fully complies with the GDPR and the EU charter so as to not create loopholes or competitive advantage for US companies; and (2) restart [...] Read more

Irish High Court Refers Schrems 2.0 to the ECJ

Written by

On April 11, Justice Caroline Costello of the Irish High Court referred the Schrems 2.0 case to the Court of Justice of the European Union (ECJ) with 11 questions for the ECJ to answer. Per Justice Costello, the sole issue in the case is whether the European Commission’s Decisions regarding standard contractual clauses (SCCs) are valid, which is reflected in the 11 questions posed. The reference asks the ECJ to determine: Whether provisions of EU law related to national security, public security, defense, and state security apply to transfers of data outside the EU under SCCs; Whether [...] Read more

The CLOUD Act and its Impact on Cross-Border Access to the Contents of Communications

Written by and

On Friday morning, March 23, President Trump signed the $1.3 trillion omnibus spending bill into law, including the Clarifying Lawful Overseas Use of Data (CLOUD) Act, and in doing so established a sea change in the rules for cross-border government access to the contents of electronic communications. The CLOUD Act consists of three core components: (1) resolving the main issue in the Microsoft Ireland case pending before the U.S. Supreme Court, (2) providing a process for entities to request a comity analysis for potential conflicts with non-U.S. legal obligations, and (3) removing legal barriers [...] Read more

Supreme Court Hears Oral Argument in the Microsoft Ireland Case

Written by

On Tuesday, February 27th, the U.S. Supreme Court heard oral argument in United States v. Microsoft Corp. on whether a warrant issued under the Stored Communications Act (SCA) can compel the production of data stored outside the United States. Where Microsoft argues that the emails stored outside the United States also lie outside the reach of the SCA, the government contends that the SCA focuses on “classically domestic content,” and that Microsoft can be compelled within the U.S. to turn over records it controls regardless of where the data sought is stored. This case began in December [...] Read more

Privacy & Data Security Team Launches Unique GDPR Tracker Website

Written by

“To Harmonize or Not To Harmonize: That Is the Question.” With the the GDPR fast approaching on May 25, 2018, European Member States are getting ready with the implementation of national legislation. Although the GDPR is a regulation, and directly applicable in all Member States, it has left room for country-specific legislation in several different regards (such as the processing of employee data or individual rights restrictions). Most Member States still only have draft legislation at this point, but the expectation (or at least intention) is that each country will have adopted legislation [...] Read more

ECJ Rules against Schrems Class Action, Sets Up Jurisdictional Questions for GDPR Class Actions

Written by

In late 2015, the European Court of Justice (ECJ) issued its initial Schrems decision, invalidating the EU/US Safe Harbor and leading to important developments in the rules for transferring personal data from the EU to the US.  Since that decision, Mr. Schrems has pursued two further legal proceedings in the EU. The first involves Mr. Schrems’ challenge in the Irish courts to EU Standard Contractual Clauses, which permit data to be transferred internationally between contract parties.  In the trial,  Alston & Bird Special Counsel Peter Swire testified as an expert on US national [...] Read more