Safe Harbor 2.0

European Parliament Calls to Suspend Privacy Shield

Written by

On the heels of the Committee on Civil Liberties, Justice and Home Affairs’ (LIBE) recent resolution, the full European Parliament on July 5 adopted a resolution calling for the suspension of the EU-U.S. Privacy Shield agreement if the U.S. fails to comply in full by September 1, 2018.  With a vote of 303 in favor and 223 opposed with 29 abstentions, the Parliament passed the resolution and stated concerns about the enforcement of the Privacy Shield framework and about U.S. surveillance and privacy law generally.  Regarding the resolution, LIBE Chair and rapporteur Claude Moraes said “[t]his [...] Read more

European Parliament’s Civil Liberties Committee Targets EU-U.S. Privacy Shield, Cloud Act

Written by

On June 12, 2018, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed a resolution calling on the European Commission to suspend the EU-U.S. Privacy Shield unless the U.S. fully complies with the framework’s requirements by September 1, 2018.  With a vote of 29 votes in favor, 25 opposed, and 3 abstentions the LIBE passed the draft resolution calling on the European Commission to (1) ensure that the Privacy Shield fully complies with the GDPR and the EU charter so as to not create loopholes or competitive advantage for US companies; and (2) restart [...] Read more

Fourth Circuit Court of Appeals Allows Wikimedia Upstream Suit to Proceed

Written by

On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined as co-plaintiffs. The Court held that Wikimedia’s complaint contained sufficient factual allegations to determine Article III standing and that the District Court misapplied Clapper v. Amnesty International USA’s analysis of [...] Read more

EU Institutions Weigh In on Commission’s EU-U.S. Privacy Shield Proposal

Written by

Last week has seen two important developments in relation to the EU-U.S. Privacy Shield (“Privacy Shield”) for transfers of personal information from Europe to the United States. A draft adequacy decision and related documentation for the Privacy Shield were released by the EU Commission on February 29, 2016, and are now being reviewed by the relevant EU bodies. Following an opinion by the consortium of data protection authorities (“DPAs”), the Article 29 Working Party (“WP29”), which called for substantial amendments to the Privacy Shield, the EU Parliament and the European Data [...] Read more

A Brief Overview of the Privacy Shield

Written by

A one page summary is now available to help U.S. organizations initially evaluate whether the Privacy Shield represents a viable mechanism to legitimize their transfer of personal data from the European union. The summary lists the key features and requirements of the Privacy Shield, some of which were contained in the now-invalidated EU-U.S. Safe Harbor Framework, but have been made more stringent. Our Information Security & Privacy Team also is compiling a detailed checklist to help corporations identify the specific requirements to certify for the Privacy Shield. [...] Read more

EU Working Party Discusses Data Transfer Framework

Written by

Today, the consortium of European data protection authorities, the Article 29 Working Party (“WP29”), released a much awaited statement on the consequences of the European Court of Justice ("ECJ") decision that invalidated the Safe Harbor framework. Companies will be relieved to find that alternative transfer mechanisms, such as Model Contracts or Binding Corporate Rules, are not at risk for the moment. The WP29’s main focus is on the new “EU-US Privacy Shield” that will replace the Safe Harbor framework. While the details of the “EU-US Privacy Shield” have not been published yet, [...] Read more

Statement from Peter Swire on Safe Harbor Agreement

Written by

Peter Swire issued the following statement today following news of a revised Safe Harbor framework. Today the European Union and United States announced a new framework for transatlantic data flows, called the EU-US Privacy Shield.   This will update the EU-US Safe Harbor agreement, for which I was part of the negotiating team in 2000.  At the invitation of European Union privacy officials, I testified in December 2015 about “US Surveillance Law, Safe Harbor, and Reforms Since 2013,” available here. The US has made multiple and important reforms to its surveillance law since the Snowden [...] Read more

Examining the Judicial Redress Act

Written by

The proposed Judicial Redress Act has recently been touted as a critical step towards developing a revised “Safe Harbor 2.0" framework. (See our prior posts on Safe Harbor here and here.) This post summarizes the essential provisions of the bill as passed by the House of Representatives and currently pending before the U.S. Senate. As currently drafted, the Judicial Redress Act extends privacy protections and remedies available under the federal Privacy Act to qualifying non-U.S. individuals. The Privacy Act, enacted in 1974, provides individuals with limited rights to review, copy, and request [...] Read more