Paul Hansford

Managing Associate

London


Read full biography at www.orrick.com
Paul Hansford is a managing associate in our Technology Companies Group in London. Array

Posts by: Paul Hansford

EU-US Privacy Shield may not be up after all

data privacy

Bad news for companies relying on transatlantic data flows as, once again, the transfer of personal data from Europe to the United States is called into question by the Article 29 Working Party (the “Working Party”), an influential committee of the EU privacy regulators. Ever since the EU-U.S. Safe Harbor Framework was declared invalid by the Court of Justice of the European Union in October 2015, companies have had to find alternative ways to legally transfer personal data. On 29 February 2016, the EU Commission proposed the “EU-U.S. Privacy Shield” as a replacement to the Safe Harbor Framework and a potential solution.

READ MORE

Safe Harbor 2.0: Political Agreement Reached – The EU-US Privacy Shield

Safe Harbor

The European Commission has announced that it has reached a deal to replace the EU-US Safe Harbor framework that was declared invalid last year by the Court of Justice of the European Union (“ECJ”).  Heralded as the EU-US Privacy Shield (and colloquially referred to as, “Safe Harbor 2.0”), the framework should provide companies with clearer direction on safe transatlantic data transfer.

READ MORE

EU Reaches Agreement On New Data Protection Laws

After nearly 4 years of negotiations, yesterday evening the EU reached agreement on the final provisions of its new data protection laws. With it, a new era of data protection has been ushered in that will have far reaching consequences for organisations both inside and outside of the EU.

In January 2012, the European Commission put forward its proposals for data protection reform, which included text for a new General Data Protection Regulation. Following negotiations this year with the European Parliament and the Council (the so-called ‘trilogues’ meetings), the three institutions reached final agreement on the Regulation’s provisions late last night.

READ MORE

A Great Leap Forward: EU Soon to Have Broad Rules on Cybersecurity and Incident Reporting

European Union

On December 7, 2015, more than two and a half years after the first draft, the European Union Council finally reached an important, informal agreement with the Parliament on important network and information security rules (“NIS-Directive”) affecting companies across the EU.  The culmination of the European Commission’s Cybersecurity strategy effort that began in February 2013 with the European Commission’s proposed draft directive on measures to ensure a common level of network and information security.  Final adoption of the NIS-Directive will have several important consequences, including increased focus by Boards of Directors of cybersecurity risk, the need for companies to increase their investment in information security, to prepare and implement cybersecurity incident response plans, to conduct internal comprehensive investigations into the circumstances of a cybersecurity event in order to comply with forthcoming reporting obligations.

READ MORE

EU Commission to Update Decisions Authorising Personal Data Transfers to Certain Countries Outside the EU

international

Last Friday (6 November 2015) the EU Commission issued a communication on the transfer of personal data from the EU to the US under the Data Protection Directive following the judgment by the Court of Justice in the Schrems case.

In addition to providing some welcome support for the use of data transfer mechanisms such as Model Clauses and BCRs, the communication also contains an important statement from the Commission that it intends to update the decisions it has previously made authorising personal data transfers to certain countries outside of the EU.

READ MORE