European Union (EU)

EU Announces First Sanctions under EU Cyber Sanctions Regime

July 31, 2020 By Privacy, Cyber & Data Strategy Team

On July 30, 2020, the European Council announced sanctions against six individuals and three organizations for their involvement in a series of cyber-attacks that have caused significant damage in the EU and around the world over the last several years. The announcement follows the EU’s adoption last year of Decision (CFSP) 2019/797, which established the […]

European Data Protection Board Statement Provides Preliminary Insight into Use of Standard Contractual Clauses Following Schrems II Judgment

July 20, 2020 By Wim Nauwelaerts and Paul Greaves

On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment invalidated the EU-U.S. Privacy Shield, and issued a number of clarifications and caveats on the use of Standard […]

EU DPAs Announce Post-Schrems Enforcement Plans

July 16, 2020 By Daniel Felz

Today, the European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard Contractual Clauses (SCCs) formally intact – although relying on SCCs may become more complicated than in the past. A number […]

Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses

July 16, 2020 By Paul Greaves and Wim Nauwelaerts

Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]

Wim Nauwelaerts Authors Summary of EDPB’s Guidelines of the GDPR

January 9, 2020 By Privacy, Cyber & Data Strategy Team

Wim Nauwelaerts, Brussels partner and leader of the firm’s EU Privacy and Data Protection practice, has authored a summary of the European Data Protection Board’s (EDPB) guidelines on the territorial scope of the GDPR. On November 12, 2019, the EDPB adopted the final version of its guidelines – almost one year after they had been […]