Archives: International Privacy Law

Subscribe to International Privacy Law RSS Feed

Privacy Shield Developments and UK Data Transfers Post-Brexit

With the UK’s Brexit referendum dominating the news out of Europe over the past week, it may have been easy to miss a key development in the continuing Privacy Shield negotiations. On Friday, June 24, news outlets reported that U.S. regulators and the European Commission had agreed on a finalized version from the Privacy Shield, a proposed … Continue Reading

German Data Protection Authority Issues Fines for Unlawful Cross-Atlantic Data Transfers

The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision.  On June 6, the Hamburg DPA announced that it had fined three companies for unlawful transfers of personal data from the EU to the United States.  According … Continue Reading

Companies Face Uncertainty as Privacy Shield Encounters New Hurdles

The Privacy Shield, proposed this past February and greeted with cautious optimism by European and U.S. regulators alike as a more robust “replacement” for the invalidated Safe Harbor framework, appears to be suffering death by a thousand paper cuts. Today’s European Parliament resolution (the “Resolution”) delivered the latest blow. The Resolution recommends that the European … Continue Reading

Privacy Shield Update: A Recap of Recent Developments

On April 13, 2016, the Article 29 Working Party (WP29), an influential group of European data protection authorities, issued a non-binding opinion that criticized certain elements of the fledgling Privacy Shield framework. Although the Privacy Shield remains in limbo at this time, a flurry of speculation and Shield-adjacent legal maneuvers have colored the landscape and … Continue Reading

U.S. Companies May Risk Liability Under Canadian Anti-Spam Law

U.S. companies may soon risk litigation for failing to comply with the provisions of Canada’s anti-spam law (CASL) in their electronic communications to Canadian consumers. While this anti-spam law has been in force since 2014, its provisions permitting a private right of action become effective on July 1, 2017. Even companies with no operations in … Continue Reading

Safe Harbor Part Deux: The Privacy Shield

This week began like many. An arbitrary deadline came and went – this one, January 31, 2016, was set by the Article 29 Working Party for European and United States regulators to address the void created by the invalidation of the Safe Harbor Framework for EU-U.S. data transfers in the Schrems decision back in October. … Continue Reading

Trans-Pacific Partnership Would Promote Cross-Border Data Transfers and Restrict Data Localization

As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data … Continue Reading

German Data Protection Authorities Limit Use of Alternative Data Transfer Mechanisms in Light of Safe Harbor Decision

In the weeks since the October 6, 2015, Court of Justice of the European Union decision (“CJEU Decision”) that invalidated the EU-U.S. Safe Harbor framework, companies have been faced with the quandary of establishing legal alternatives for transferring personal data from Europe to the U.S. We have discussed alternative data transfer mechanisms such as standard … Continue Reading

Safe Harbor Is Dead, Long Live Standard Contractual Clauses?

For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the aftermath of the recent invalidation of the Safe Harbor Framework by the Court of Justice of the European … Continue Reading

What Now? What Next? FAQs and Answers Regarding the Safe Harbor Decision

As we discussed in our blog post last week, on October 6, 2015, the Court of Justice of the European Union issued a judgment that invalidated the EU-U.S. Safe Harbor Framework. For the past 15 years, thousands of companies have been using the Safe Harbor Framework to transfer personal data from the EU to the … Continue Reading

EU High Court Invalidates Safe Harbor Framework for Cross-Border Data Transfers

On October 6, 2015, the Court of Justice of the European Union (CJEU) issued a highly anticipated judgment that has the potential to impact how thousands of companies transfer data from the EU to the United States. The Court’s decision effectively invalidates the European Commission’s “adequacy” determination with respect to the U.S.-EU Safe Harbor Framework, … Continue Reading

DOD Adopts Interim Cyber Rules As Claims of Chinese Cyber Attacks Continue

U.S. officials have blamed Chinese government-backed attackers for many of the recent cyber attacks on U.S. government and business computer networks: “Researchers and government officials have determined that the Chinese group that attacked the office [of Personnel Management] was probably the same one that seized millions of records held by the health care firms Anthem … Continue Reading

Federal Trade Commission Continues Its Enforcement Campaign Against False Safe Harbor Claims

Reiterating its commitment to enforcing the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks, the Federal Trade Commission announced on Monday that it has reached settlements with 13 companies alleged to have misled consumers either by claiming Safe Harbor membership despite never having applied, or by allowing their Safe Harbor certifications to lapse. A related FTC Business … Continue Reading

A Kinder, Gentler Spanish Data Protection Authority?

As of July 24, Spain has a new director for its Data Protection Authority (Agencia Española de Protección de Datos — AEPD). The AEPD is the agency responsible for conducting investigations and bringing disciplinary actions concerning data protection issues, including compliance with Spain’s Data Protection Act of 1999 (called the “LOPD” in Spain), which implemented … Continue Reading

Canada Moves Forward with Mandatory Federal Security Breach Notification Law

On June 18, 2015, the Canadian Minister of Industry announced that the Digital Privacy Act, which amends Canada’s foundational Personal Information Protection and Electronic Documents Act (PIPEDA), has received royal assent and is now law. Although the Act contains a number of provisions that are likely to impact organizations doing business in Canada, certain key … Continue Reading

A Deeper Dive: Risk Assessments Are a Necessary Step in Creating Layered Cyber Defenses

We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Tens of thousands of cyber attackers employed by Chinese People’s Liberation Army and other employees and contractors of the Chinese Ministry of State Security work … Continue Reading

Social Media’s Not For You—It’s About You: Risks for Organizations in a New Age of Sharing

Social media and social networking, including websites and applications that allow users to create and share content, have become ubiquitous. Joining the social networking revolution may be very easy for individuals, but establishing best practices for organizations that want or need to be actively engaged with social media is not. Initial considerations tend to focus … Continue Reading

Bring Your Own Device (Everywhere): Legal and Practical Considerations for International BYOD Programs

The cross-use of mobile devices for personal and professional purposes, commonly referred to as “Bring Your Own Device” or “BYOD”, is a relatively recent phenomenon that has created a host of legal and practical challenges for organizations of all sizes. Implementing a BYOD program is especially complex for companies that have employees who regularly travel … Continue Reading

Privacy or Politics? – Russia Seeks More Control Over its Citizens’ Personal Data

Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data relating to Russian citizens to be located on servers in foreign countries. Under the new law, companies that collect personal data … Continue Reading

Privacy Law in a Nutshell

BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolves.  The Privacy Nutshell is … Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European … Continue Reading
LexBlog