Written by Nikolaos Theodorakis
India recently introduced the Personal Data Protection Bill 2018 (“Bill”). The transfer of personal data in India is currently governed by the SPD Rules (Sensitive Personal Data and Information, 2011), which is however considered outdated and not fully protective of personal data. The Bill comes as a result of the country’s Supreme Court recent judgment that declared privacy a fundamental right of an individual. The Srikrishma Committee (“Committee”) was responsible for drafting the Bill and coined a legal framework that is aimed to shape the country’s digital agenda. The Committee […] Read more
Written by Justin Hemmings
On the heels of the Committee on Civil Liberties, Justice and Home Affairs’ (LIBE) recent resolution, the full European Parliament on July 5 adopted a resolution calling for the suspension of the EU-U.S. Privacy Shield agreement if the U.S. fails to comply in full by September 1, 2018. With a vote of 303 in favor and 223 opposed with 29 abstentions, the Parliament passed the resolution and stated concerns about the enforcement of the Privacy Shield framework and about U.S. surveillance and privacy law generally. Regarding the resolution, LIBE Chair and rapporteur Claude Moraes said “[t]his
[...] Read more
Written by Justin Hemmings
On June 12, 2018, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed a resolution calling on the European Commission to suspend the EU-U.S. Privacy Shield unless the U.S. fully complies with the framework’s requirements by September 1, 2018. With a vote of 29 votes in favor, 25 opposed, and 3 abstentions the LIBE passed the draft resolution calling on the European Commission to
(1) ensure that the Privacy Shield fully complies with the GDPR and the EU charter so as to not create loopholes or competitive advantage for US companies; and
(2) restart
[...] Read more
Written by Justin Hemmings
On April 11, Justice Caroline Costello of the Irish High Court referred the Schrems 2.0 case to the Court of Justice of the European Union (ECJ) with 11 questions for the ECJ to answer. Per Justice Costello, the sole issue in the case is whether the European Commission’s Decisions regarding standard contractual clauses (SCCs) are valid, which is reflected in the 11 questions posed.
The reference asks the ECJ to determine:
Whether provisions of EU law related to national security, public security, defense, and state security apply to transfers of data outside the EU under SCCs;
Whether
[...] Read more
Written by Nikolaos Theodorakis
In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US.
The case arose from a complaint
[...] Read more
Written by Justin Hemmings
Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and senior counsel at Alston & Bird, has made public his expert testimony from the landmark Irish High Court Case Data Protection Commissioner v. Facebook Ireland Limited & Maximillian Schrems. Under the Irish Court’s rules, Swire was asked to provide an independent opinion on U.S. surveillance law to assist the Court in its decision. Swire’s testimony highlights U.S. systemic remedies, U.S. individual remedies, Foreign Intelligence Surveillance Court oversight, and the broader implications
[...] Read more
Written by Privacy & Data Security Team
On the same day that the European Commission debuted the EU-U.S. Privacy Shield, the Article 29 Working Party (WP29) issued a statement welcoming the publication of the draft “adequacy decision” of the European Commission as well as the legal texts that constitute the Privacy Shield arrangement.
In accordance with its mission, WP29 said that it would assess the documents in order to give its opinion on the level of protection afforded by the Privacy Shield. The statement also said that subgroups of the Working Party will be engaged to analyze the safeguards provided for in the Privacy Shield
[...] Read more
Written by Jon Filipek
In a development eagerly anticipated by businesses on both sides of the Atlantic, the European Commission has published the legal instruments needed to put in place the “EU-U.S. Privacy Shield” for transfers of personal data from Europe to the United States. The issued documents include a draft adequacy decision by the Commission finding that the Privacy Shield provides an adequate level of protection for data transferred under the arrangement and a series of annexes that set out the applicable details and procedures as well as commitments undertaken by the U.S. government to ensure the Privacy
[...] Read more
Written by Michael Young
On January 28, Alston & Bird presented “Practical and Strategic Considerations in Today’s EU Data Transfer Landscape.” The panel addressed new laws and breaking events in European Union data privacy.
The panel reviewed the status of talks around a revised “Safe Harbor 2.0” following the invalidation of Safe Harbor last October. The panel offered strategic next steps for dealing with data transfers whether or not U.S. and E.U. officials agree to a revised Safe Harbor framework. (At the time of this post, it appears that a revised Safe Harbor 2.0 framework has been agreed.)
Other
[...] Read more
Written by Jan Dhont and Jon Filipek
On December 15, 2015, following four years of close, sometimes contentious, review, the EU institutions agreed upon the text of the General Data Protection Regulation (the “GDPR”). One of the most important EU legislative initiatives in recent years, the GDPR is also a landmark in privacy regulation worldwide. As from the time the GDPR takes effect – most likely in early 2018 – data protection regulation for most of Europe will largely proceed from a single set of rules.
The GDPR will replace the Data Protection Directive (95/46/EC) (the “Directive”), adopted in 1995, which was
[...] Read more
