Data Transfer

EU Commission to Update Decisions Authorising Personal Data Transfers to Certain Countries Outside the EU

international

Last Friday (6 November 2015) the EU Commission issued a communication on the transfer of personal data from the EU to the US under the Data Protection Directive following the judgment by the Court of Justice in the Schrems case.

In addition to providing some welcome support for the use of data transfer mechanisms such as Model Clauses and BCRs, the communication also contains an important statement from the Commission that it intends to update the decisions it has previously made authorising personal data transfers to certain countries outside of the EU.


German DPAs Add Further Pressure to EU-US Data Transfers

International Privacy Law

Yesterday, German federal and state (Länder) data protection authorities (“DPAs”) issued a Position Paper following the recent Court of Justice of the European Union (“CJEU”) ruling that struck down the EU-US Safe Harbor Framework. Read an unofficial translation of the German Position Paper here.

Unfortunately, the Position Paper does little to relieve the pressure many organisations are now facing in relation to their cross-Atlantic data transfer mechanisms, particularly those used to transfer data from Germany to the United States.[1]

PRIVACY POLICIES AND THE SALE OF CORPORATE ASSETS: It pays to plan ahead to preserve the value of your data assets

privacy policy

Personal data is a valuable corporate asset.  At times, the personal information collected from customers (such as email address, mailing address, phone number, etc.) can be a company’s most valuable asset.  Unfortunately, when a company attempts to sell this asset, it can find the value of the data significantly diminished due to promises made in a privacy policy the company implemented years before it ever contemplated such a sale.


EU Working Party Issues Statement on CJEU’s Invalidation of Safe Harbor Framework

Safe Harbor

The European Court of Justice’s (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer mechanisms.


US–EU Safe Harbor – Struck Down!

safe harbor

1. CJEU finds Safe Harbor Invalid

In a landmark ruling delivered today, Europe’s highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission’s US – EU Safe Harbour regime is invalid.  Now over 4400 US entities that rely on Safe Harbor and their millions of EU based customers, partners and affiliates face the prospect of personal data transfers between them being unlawful.

You can read about the background to the decision and commentary on the CJEU ruling towards the end of this alert.  However, important commercial implications arising from the decision and what businesses should be thinking about now are discussed directly below.


Fines Issued for Transfer of Customer Data in an M&A Asset Deal

Recent enforcement actions by the Bavarian Data Protection Authority (DPA) [Bayerisches Landesamt für Datenschutzaufsicht] highlight the importance of the severe restrictions placed on the transfer of customer data, even in the context of a merger or acquisition. Specifically, on July 30, 2015 the Bavarian DPA announced that it had fined two companies, both the seller and the acquirer in an asset deal, a five-figure EUR sum for transferring customer e-mail addresses collected while operating an online shop, in violation of the German Federal Data Protection Act. Clients should expect to see more of these actions in the future, given the Bavarian DPA’s announcement that it will pay increased attention to data protection compliance in asset deals and will accordingly monitor and fine companies that breach the legal requirements with more persistence.


(Un)Safe Harbor and Cloud Services in Germany Under Scrutiny

On Wednesday, Jan. 29, 2015, Berlin Data Protection Commissioner Dr. Alexander Dix, speaking at the European Data Protection Conference in Berlin, made a number of important announcements regarding the EU/U.S. Safe Harbor Program and U.S. cloud services provided in the EU. These announcements may have significant negative effects on U.S. companies doing business and offering such services in Germany.
