European Court of Justice

ECJ Rules against Schrems Class Action, Sets Up Jurisdictional Questions for GDPR Class Actions

Written by

In late 2015, the European Court of Justice (ECJ) issued its initial Schrems decision, invalidating the EU/US Safe Harbor and leading to important developments in the rules for transferring personal data from the EU to the US.  Since that decision, Mr. Schrems has pursued two further legal proceedings in the EU. The first involves Mr. Schrems’ challenge in the Irish courts to EU Standard Contractual Clauses, which permit data to be transferred internationally between contract parties.  In the trial,  Alston & Bird Special Counsel Peter Swire testified as an expert on US national [...] Read more

Irish High Court refers Facebook’s data case to the European Court of Justice

Written by

In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US. The case arose from a complaint [...] Read more

EU-US Privacy Shield – FAQs

Written by and

Today, the European Commission (“EU Commission”) formally approved a new transatlantic framework for the transfer of personal data from Europe to the United States (“U.S.”) (the “Privacy Shield”). Under the EU Commission’s decision approving the new framework ( the “Adequacy Decision”), U.S. organizations participating in the Privacy Shield will be deemed to ensure an “adequate level of protection” for the transfers of personal data from Europe to the U.S.. The Privacy Shield is the result of extensive negotiations between the EU Commission and the U.S. Department of Commerce [...] Read more

EU Institutions Weigh In on Commission’s EU-U.S. Privacy Shield Proposal

Written by

Last week has seen two important developments in relation to the EU-U.S. Privacy Shield (“Privacy Shield”) for transfers of personal information from Europe to the United States. A draft adequacy decision and related documentation for the Privacy Shield were released by the EU Commission on February 29, 2016, and are now being reviewed by the relevant EU bodies. Following an opinion by the consortium of data protection authorities (“DPAs”), the Article 29 Working Party (“WP29”), which called for substantial amendments to the Privacy Shield, the EU Parliament and the European Data [...] Read more

A Brief Overview of the Privacy Shield

Written by

A one page summary is now available to help U.S. organizations initially evaluate whether the Privacy Shield represents a viable mechanism to legitimize their transfer of personal data from the European union. The summary lists the key features and requirements of the Privacy Shield, some of which were contained in the now-invalidated EU-U.S. Safe Harbor Framework, but have been made more stringent. Our Information Security & Privacy Team also is compiling a detailed checklist to help corporations identify the specific requirements to certify for the Privacy Shield. [...] Read more

WP 29 Issues Statement on EU-U.S. Privacy Shield

Written by

On the same day that the European Commission debuted the EU-U.S. Privacy Shield, the Article 29 Working Party (WP29) issued a statement welcoming the publication of the draft “adequacy decision” of the European Commission as well as the legal texts that constitute the Privacy Shield arrangement. In accordance with its mission, WP29 said that it would assess the documents in order to give its opinion on the level of protection afforded by the Privacy Shield. The statement also said that subgroups of the Working Party will be engaged to analyze the safeguards provided for in the Privacy Shield [...] Read more

Senior Counsel Peter Swire to Debate European Privacy Activist Max Schrems

Written by

Peter Swire, Alston & Bird Senior Counsel and Huang Professor of Law and Ethics at the Georgia Institute of Technology Scheller College of Business, will debate privacy activist Max Schrems on January 26, 2015 in Brussels, Belgium.  The event, sponsored by the Brussels Privacy Hub at the Vrije Universiteit Brussel, will take place at the Belgium Permanent Representative to the EU and is a pre-conference launch event to the Computers, Privacy & Data Protection 2016 conference taking place in Brussels on January 27-29.  (Peter Swire will also participate in two sessions at the conference: [...] Read more

Updated Schrems ECJ / Safe Harbor Ruling FAQs

Written by

Alston & Bird has published an updated set of Frequently Asked Questions (FAQs) on the decision by the European Court of Justice holding that the U.S.-EU Safe Harbor Framework is invalid (also known as the Schrems decision). The FAQs are designed to help companies that rely on the Safe Harbor Framework understand the scope of the ECJ decision and think through options to continue to move personal data from the European Economic Area to the United States.  Our new version incorporates updates based on developments since October 15.  Please see our original blog entry on the decision here. [...] Read more

European Commission Releases Communication on Schrems and Safe Harbor 2.0

Written by

On November 6, 2015, the European Commission released a widely-anticipated Communication assessing the impact of the judgment of the European Court of Justice (“ECJ”) in the Schrems case (C-362/14), which invalidated the U.S.-EU Safe Harbor framework.  Though the Communication is not legally binding, it provides useful guidance to companies on transfers of personal data to the United States in the absence of the Safe Harbor mechanism. The Commission’s Communication is consistent with analysis and approach outlined by the European data protection authorities (“DPA”) in their October [...] Read more

Jan Dhont Authors Corporate Counsel Article on Safe Harbor Decision

Written by

Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice authored the Corporate Counsel article, “The Sinking of the Safe Harbor: Just Another Symbolic Decision?”  In the article, Dhont discusses the concerns and uncertainty stemming from the October 6 European Court of Justice strike-down of Safe Harbor, and where companies may go from here.  This ruling is a matter of global concern and may actually result in less privacy for individuals, not more. Dhont notes that while there are mid- to long-term solutions to take the place of Safe Harbor, [...] Read more