Written by Daniel Felz
In late 2015, the European Court of Justice (ECJ) issued its initial Schrems decision, invalidating the EU/US Safe Harbor and leading to important developments in the rules for transferring personal data from the EU to the US. Since that decision, Mr. Schrems has pursued two further legal proceedings in the EU.
The first involves Mr. Schrems’ challenge in the Irish courts to EU Standard Contractual Clauses, which permit data to be transferred internationally between contract parties. In the trial, Alston & Bird Special Counsel Peter Swire testified as an expert on US national [...] Read more
Written by Nikolaos Theodorakis
In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US.
The case arose from a complaint [...] Read more
Written by Justin Hemmings
On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined as co-plaintiffs. The Court held that Wikimedia’s complaint contained sufficient factual allegations to determine Article III standing and that the District Court misapplied Clapper v. Amnesty International USA’s analysis of [...] Read more
Written by Michael Young
On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland. The Framework is a successor to the former Swiss-U.S. Safe Harbor framework, which was declared invalid by the Swiss data protection commissioner following the invalidation of Safe Harbor by the European Court of Justice.
U.S. companies may participate in the Framework [...] Read more
Written by Jon Filipek, Daniel Felz and Privacy & Data Security Team
Today, the European Commission (“EU Commission”) formally approved a new transatlantic framework for the transfer of personal data from Europe to the United States (“U.S.”) (the “Privacy Shield”). Under the EU Commission’s decision approving the new framework ( the “Adequacy Decision”), U.S. organizations participating in the Privacy Shield will be deemed to ensure an “adequate level of protection” for the transfers of personal data from Europe to the U.S.. The Privacy Shield is the result of extensive negotiations between the EU Commission and the U.S. Department of Commerce [...] Read more
Written by Privacy & Data Security Team
Last week has seen two important developments in relation to the EU-U.S. Privacy Shield (“Privacy Shield”) for transfers of personal information from Europe to the United States.
A draft adequacy decision and related documentation for the Privacy Shield were released by the EU Commission on February 29, 2016, and are now being reviewed by the relevant EU bodies. Following an opinion by the consortium of data protection authorities (“DPAs”), the Article 29 Working Party (“WP29”), which called for substantial amendments to the Privacy Shield, the EU Parliament and the European Data [...] Read more
Written by Privacy & Data Security Team
On the same day that the European Commission debuted the EU-U.S. Privacy Shield, the Article 29 Working Party (WP29) issued a statement welcoming the publication of the draft “adequacy decision” of the European Commission as well as the legal texts that constitute the Privacy Shield arrangement.
In accordance with its mission, WP29 said that it would assess the documents in order to give its opinion on the level of protection afforded by the Privacy Shield. The statement also said that subgroups of the Working Party will be engaged to analyze the safeguards provided for in the Privacy Shield [...] Read more
Written by Jon Filipek
In a development eagerly anticipated by businesses on both sides of the Atlantic, the European Commission has published the legal instruments needed to put in place the “EU-U.S. Privacy Shield” for transfers of personal data from Europe to the United States. The issued documents include a draft adequacy decision by the Commission finding that the Privacy Shield provides an adequate level of protection for data transferred under the arrangement and a series of annexes that set out the applicable details and procedures as well as commitments undertaken by the U.S. government to ensure the Privacy [...] Read more
Written by Michael Young
On January 28, Alston & Bird presented “Practical and Strategic Considerations in Today’s EU Data Transfer Landscape.” The panel addressed new laws and breaking events in European Union data privacy.
The panel reviewed the status of talks around a revised “Safe Harbor 2.0” following the invalidation of Safe Harbor last October. The panel offered strategic next steps for dealing with data transfers whether or not U.S. and E.U. officials agree to a revised Safe Harbor framework. (At the time of this post, it appears that a revised Safe Harbor 2.0 framework has been agreed.)
Other [...] Read more
Written by Jan Dhont
Today, the consortium of European data protection authorities, the Article 29 Working Party (“WP29”), released a much awaited statement on the consequences of the European Court of Justice ("ECJ") decision that invalidated the Safe Harbor framework. Companies will be relieved to find that alternative transfer mechanisms, such as Model Contracts or Binding Corporate Rules, are not at risk for the moment. The WP29’s main focus is on the new “EU-US Privacy Shield” that will replace the Safe Harbor framework. While the details of the “EU-US Privacy Shield” have not been published yet, [...] Read more