CJEU

EU-U.S. Privacy Shield: Companies Can Now Certify

Privacy Shield

As of, August 1st, 2016, U.S. companies can now join the Safe Harbor successor EU-U.S. Privacy Shield (the “Privacy Shield”) for personal data transfers from the EU to the U.S.

This post gives a high level summary of what companies should consider with the Privacy Shield.

Background:

On July 12, 2016, the European Commission (the “Commission”) formally adopted the adequacy decision necessary to implement the Privacy Shield. This means that transfers of personal data from the EU to the U.S. that are made pursuant to the Privacy Shield’s requirements are lawful under EU law.  The Privacy Shield replaces the EU-U.S. Safe Harbor Framework, which was invalidated by the Court of Justice of the European Union (“CJEU”) on October 6, 2015.

READ MORE

German DPAs Add Further Pressure to EU-US Data Transfers

International Privacy Law

Yesterday, German federal and state (Länder) data protection authorities (“DPAs”) issued a Position Paper following the recent Court of Justice of the European Union (“CJEU”) ruling that struck down the EU-US Safe Harbor Framework. Read an unofficial translation of the German Position Paper here.

Unfortunately, the Position Paper does little to relieve the pressure many organisations are now facing in relation to their cross-Atlantic data transfer mechanisms, particularly those used to transfer data from Germany to the United States.[1] READ MORE

EU Working Party Issues Statement on CJEU’s Invalidation of Safe Harbor Framework

Safe Harbor

The European Court of Justice’s (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer mechanisms.

READ MORE

California Updates its Data Breach Notice Statute (Again)—What You Need to Know

California

On October 6, California Governor Jerry Brown signed legislation updating California’s data breach notice statute for the third time in three years.  The news was quickly overshadowed by the CJEU’s decision invalidating the US-EU Safe Harbor Framework on the same day, but the California law amendments should not be overlooked.  The amendments, which update Cal. Civ. Code § 1789.29 (for state agencies) and § 1789.82 (for businesses), were part of a legislative “package deal” of three separate bills mandating a new breach notice format (S.B. 570), defining “encryption” (A.B. 964), and expanding the definition of “personal information” and clarifying substitute notice requirements (S.B. 34).  The amendments will take effect on January 1, 2016.

READ MORE