Tag Archives: EU

Clock Ticking, European Commission Launches GDPR Implementation Guidance Website

With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading

Privacy Shield Developments and UK Data Transfers Post-Brexit

With the UK’s Brexit referendum dominating the news out of Europe over the past week, it may have been easy to miss a key development in the continuing Privacy Shield negotiations. On Friday, June 24, news outlets reported that U.S. regulators and the European Commission had agreed on a finalized version from the Privacy Shield, a proposed … Continue Reading

German Data Protection Authority Issues Fines for Unlawful Cross-Atlantic Data Transfers

The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision.  On June 6, the Hamburg DPA announced that it had fined three companies for unlawful transfers of personal data from the EU to the United States.  According … Continue Reading

Safe Harbor Is Dead, Long Live Standard Contractual Clauses?

For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the aftermath of the recent invalidation of the Safe Harbor Framework by the Court of Justice of the European … Continue Reading

What Now? What Next? FAQs and Answers Regarding the Safe Harbor Decision

As we discussed in our blog post last week, on October 6, 2015, the Court of Justice of the European Union issued a judgment that invalidated the EU-U.S. Safe Harbor Framework. For the past 15 years, thousands of companies have been using the Safe Harbor Framework to transfer personal data from the EU to the … Continue Reading

EU High Court Invalidates Safe Harbor Framework for Cross-Border Data Transfers

On October 6, 2015, the Court of Justice of the European Union (CJEU) issued a highly anticipated judgment that has the potential to impact how thousands of companies transfer data from the EU to the United States. The Court’s decision effectively invalidates the European Commission’s “adequacy” determination with respect to the U.S.-EU Safe Harbor Framework, … Continue Reading

A Kinder, Gentler Spanish Data Protection Authority?

As of July 24, Spain has a new director for its Data Protection Authority (Agencia Española de Protección de Datos — AEPD). The AEPD is the agency responsible for conducting investigations and bringing disciplinary actions concerning data protection issues, including compliance with Spain’s Data Protection Act of 1999 (called the “LOPD” in Spain), which implemented … Continue Reading

Proposed Amendment to EU Privacy Regulations May Force Choice Between Violating US and EU Law

Authored by Gerald Ferguson and Alan M. Pate On Monday, October 21, 2013, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted to approve an amended version of the proposed EU General Data Protection Regulations.  Included in the compromise package is Article 43a, a provision that restricts controllers or processors of … Continue Reading

Opening the Flood Gates? California Voters May Create Presumption of Harm in Privacy Breach Cases

Authored by: Julian Perlman Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach … Continue Reading

Recent Updates in International Data Privacy Law

EU Information Security Agency Recommends Clear and Broad Interpretation of Data Breach Requirements On August 27, 2012, the European Network and Information Security Agency (ENISA) issued a paper, “Cyber Incident Reporting in the EU,” which analyzes the current state of EU legislation covering data breaches. It observes that many breaches remain undetected and, even if … Continue Reading

Mobile App and Geolocation Data Roundup

A recent national survey of smartphone users, not surprisingly, revealed that privacy, transparency, choice, and control are important considerations for users.  Indeed, many users indicated that they want more choices and easier access to controls regarding advertising tracking and geolocation data.  Legislators and consumer advocacy groups are taking heed. On May 10, 2011, the Senate … Continue Reading
LexBlog