Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: International Privacy Law

Companies Face Uncertainty as Privacy Shield Encounters New Hurdles

Posted in International Privacy Law
The Privacy Shield, proposed this past February and greeted with cautious optimism by European and U.S. regulators alike as a more robust “replacement” for the invalidated Safe Harbor framework, appears to be suffering death by a thousand paper cuts. Today’s European Parliament resolution (the “Resolution”) delivered the latest blow. The Resolution recommends that the European… Continue Reading

Privacy Shield Update: A Recap of Recent Developments

Posted in International Privacy Law
On April 13, 2016, the Article 29 Working Party (WP29), an influential group of European data protection authorities, issued a non-binding opinion that criticized certain elements of the fledgling Privacy Shield framework. Although the Privacy Shield remains in limbo at this time, a flurry of speculation and Shield-adjacent legal maneuvers have colored the landscape and… Continue Reading

U.S. Companies May Risk Liability Under Canadian Anti-Spam Law

Posted in International Privacy Law
U.S. companies may soon risk litigation for failing to comply with the provisions of Canada’s anti-spam law (CASL) in their electronic communications to Canadian consumers. While this anti-spam law has been in force since 2014, its provisions permitting a private right of action become effective on July 1, 2017. Even companies with no operations in… Continue Reading

Trans-Pacific Partnership Would Promote Cross-Border Data Transfers and Restrict Data Localization

Posted in International Privacy Law
As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data… Continue Reading

German Data Protection Authorities Limit Use of Alternative Data Transfer Mechanisms in Light of Safe Harbor Decision

Posted in Enforcement, International Privacy Law
In the weeks since the October 6, 2015, Court of Justice of the European Union decision (“CJEU Decision”) that invalidated the EU-U.S. Safe Harbor framework, companies have been faced with the quandary of establishing legal alternatives for transferring personal data from Europe to the U.S. We have discussed alternative data transfer mechanisms such as standard… Continue Reading

Safe Harbor Is Dead, Long Live Standard Contractual Clauses?

Posted in Enforcement, International Privacy Law
For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the aftermath of the recent invalidation of the Safe Harbor Framework by the Court of Justice of the European… Continue Reading

EU Expands Reach of National Data Protection Regulators

Posted in International Privacy Law, Online Privacy, Uncategorized
The central European countries of Slovakia and Hungary are divided by a common 420-mile-long border. But that dividing line, and other European national borders, may now be a little more blurred due to a key ruling by the Court of Justice of the European Union (CJEU). The ruling, perhaps somewhat overlooked due to all of… Continue Reading

What Now? What Next? FAQs and Answers Regarding the Safe Harbor Decision

Posted in Enforcement, International Privacy Law
As we discussed in our blog post last week, on October 6, 2015, the Court of Justice of the European Union issued a judgment that invalidated the EU-U.S. Safe Harbor Framework. For the past 15 years, thousands of companies have been using the Safe Harbor Framework to transfer personal data from the EU to the… Continue Reading

EU High Court Invalidates Safe Harbor Framework for Cross-Border Data Transfers

Posted in Enforcement, International Privacy Law
On October 6, 2015, the Court of Justice of the European Union (CJEU) issued a highly anticipated judgment that has the potential to impact how thousands of companies transfer data from the EU to the United States. The Court’s decision effectively invalidates the European Commission’s “adequacy” determination with respect to the U.S.-EU Safe Harbor Framework,… Continue Reading

DOD Adopts Interim Cyber Rules As Claims of Chinese Cyber Attacks Continue

Posted in Cybersecurity, International Privacy Law
U.S. officials have blamed Chinese government-backed attackers for many of the recent cyber attacks on U.S. government and business computer networks: “Researchers and government officials have determined that the Chinese group that attacked the office [of Personnel Management] was probably the same one that seized millions of records held by the health care firms Anthem… Continue Reading

Federal Trade Commission Continues Its Enforcement Campaign Against False Safe Harbor Claims

Posted in Enforcement, International Privacy Law
Reiterating its commitment to enforcing the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks, the Federal Trade Commission announced on Monday that it has reached settlements with 13 companies alleged to have misled consumers either by claiming Safe Harbor membership despite never having applied, or by allowing their Safe Harbor certifications to lapse. A related FTC Business… Continue Reading

A Kinder, Gentler Spanish Data Protection Authority?

Posted in International Privacy Law
As of July 24, Spain has a new director for its Data Protection Authority (Agencia Española de Protección de Datos — AEPD). The AEPD is the agency responsible for conducting investigations and bringing disciplinary actions concerning data protection issues, including compliance with Spain’s Data Protection Act of 1999 (called the “LOPD” in Spain), which implemented… Continue Reading

Canada Moves Forward with Mandatory Federal Security Breach Notification Law

Posted in Data Breach Notification Laws, International Privacy Law
On June 18, 2015, the Canadian Minister of Industry announced that the Digital Privacy Act, which amends Canada’s foundational Personal Information Protection and Electronic Documents Act (PIPEDA), has received royal assent and is now law. Although the Act contains a number of provisions that are likely to impact organizations doing business in Canada, certain key… Continue Reading

A Deeper Dive: Risk Assessments Are a Necessary Step in Creating Layered Cyber Defenses

Posted in Cybersecurity, Incident Response, International Privacy Law
We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Tens of thousands of cyber attackers employed by Chinese People’s Liberation Army and other employees and contractors of the Chinese Ministry of State Security work… Continue Reading

Social Media’s Not For You—It’s About You: Risks for Organizations in a New Age of Sharing

Posted in Data Breaches, Information Governance, International Privacy Law, Mobile Privacy, Privacy Litigation, Social Media, Workplace Privacy
Social media and social networking, including websites and applications that allow users to create and share content, have become ubiquitous. Joining the social networking revolution may be very easy for individuals, but establishing best practices for organizations that want or need to be actively engaged with social media is not. Initial considerations tend to focus… Continue Reading

Bring Your Own Device (Everywhere): Legal and Practical Considerations for International BYOD Programs

Posted in Information Governance, International Privacy Law, Mobile Privacy, Privacy Litigation, Workplace Privacy
The cross-use of mobile devices for personal and professional purposes, commonly referred to as “Bring Your Own Device” or “BYOD”, is a relatively recent phenomenon that has created a host of legal and practical challenges for organizations of all sizes. Implementing a BYOD program is especially complex for companies that have employees who regularly travel… Continue Reading

Privacy or Politics? – Russia Seeks More Control Over its Citizens’ Personal Data

Posted in International Privacy Law
Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data relating to Russian citizens to be located on servers in foreign countries. Under the new law, companies that collect personal data… Continue Reading

Privacy Law in a Nutshell

Posted in Cybersecurity, Federal Legislation, Information Security, International Privacy Law, Marketing
BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolve. The Privacy Nutshell is… Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Posted in Information Governance, Information Security, International Privacy Law, Online Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European… Continue Reading

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Posted in Data Breaches, HIPAA/HITECH, International Privacy Law, Medical Privacy
Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other administrative sanctions stemming from a breach incident affecting 13,336 Dual Eligible Medicare beneficiaries.  The breach incident occurred in September 2013 when Triple-S mailed to… Continue Reading

International Privacy – 2013 Year in Review – Africa

Posted in International Privacy Law
Authors: Gonzalo Zeballos, James Sherer, and Alan Pate. South Africa: On August 22, 2013, after four years of deliberation, the South African Parliament passed the first comprehensive data protection legislation in South Africa, the Protection of Personal Information (POPI) Bill. This Bill supports the existing right to privacy found in section 14 of the Constitution… Continue Reading

International Privacy – 2013 Year in Review – Asia

Posted in International Privacy Law
Authors: Gonzalo Zeballos, James Sherer, and Alan Pate. Asian Data Privacy Updates. 1. China: China’s Personal Information Protection Law Proposal was submitted to the State Council in 2008, which was followed by the Ministry of Industry and Information Technology’s non-binding Internet Information Services Market Order Provisions of 2011. However, little direct progress was made until… Continue Reading