-
JD Supra European Union › Davis Wright Tremaine LLP
31 results for JD Supra European Union › Davis Wright Tremaine LLP
-
EDPB Issues Draft Guidance on Post-Schrems II GDPR Compliant Data Transfers
Earlier this month, the European Data Protection Board (EDPB) issued its long-anticipated draft guidance on supplemental tools to ensure that data transfers out of the European Union (EU) to third countries comply with the GDPR.
-
Passport to Privacy: Lessons From EU Guidance on COVID-19 and Personal Data
Attempts by U.S. legislators to address the privacy issues raised by the ongoing COVID-19 pandemic have stalled. But for companies seeking to balance the goals of furthering public health and protecting individuals' privacy, the European Union is providing policy guidance that may be exportable.
-
EU High Court Invalidates EU-U.S. Privacy Shield
The Court of Justice of the European Union (CJEU) issued a long awaited opinion yesterday (July 16, 2020) in Data Protection Commissioner v. Schrems1 finding the EU-U.S. Privacy Shield inadequate for lawfully transferring the personal data of EU residents from the EU to the United States for commercial purposes.
-
EU Issues White Paper Outlining Framework for Regulating Artificial Intelligence
Proposes Risk-Based Framework for Potential AI Regulations - Less than three months after taking office, European Commission (Commission) President Ursula von der Leyden fulfilled her promise to articulate a framework for regulating Artificial Intelligence (AI).
-
Web-Based Email is Not a Telecom Service Under EU Law
Internet-based email services, such as Gmail, are not subject to European telecom regulation, the European Court of Justice has ruled. The decision is a partial setback for EU telecom regulators’ efforts to require OTT services to comply with telecom regulations.
-
OTT VoIP Calling Apps are Telecom Services under EU Law
Telephone calling apps, such as Skype, Viber and Google Hangouts, are subject to European telecom regulation, the European Court of Justice has ruled. Such services may now be required to comply with EU obligations that apply to traditional telephone services, such as registration, privacy, consumer protection and law enforcement access to user communications.
-
He’s Making a List. Will Regulators Check His Privacy Practices Twice?
Santa’s practice of monitoring behavior of children across the globe has been publically disclosed for decades, but the recent implementation of the EU General Data Protection Regulation (GDPR) and enactment of the California Consumer Privacy Act (CCPA) raise new questions about the lawfulness of Santa’s activities and rights of children when it comes to collection of data about their activities,
-
EU to Require Tech Firms to Provide Overseas Emails, Texts and Stored Data
New “e-Evidence Regulation” Gives Direct Police Access to Data Across EU Borders and Abroad - The European Union will require tech companies to provide data to European investigators stored in another EU country or even outside the EU under a new e-Evidence Regulation proposed by the European Commission on April 17.
-
2018 Predictions in Privacy & Security
Next year will be full of growing pains as both the public and private sector interpret, implement, and refine their efforts to comply with the GDPR. Large, multinational companies with a presence in the EU (and who are at the greatest risk of EU enforcement actions) will put pressure on their vendors across the globe to adopt practices compliant with the GDPR.
-
Time to Update Your Privacy Statement for GDPR
Although the EU General Data Protection Regulation comes into force in May 2018, European regulators are still producing guidance and member states are still adopting legislation to accommodate national differences. Put simply, it is unclear how to prepare for the GDPR in relation to some issues.
-
How to Use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick
Ample bandwidth has been eaten by panicky commentary over the fines possible under the EU’s upcoming General Data Protection Regulation (GDPR). Sure, the GDPR arms EU data protection authorities with a hefty compliance stick.
-
Data-Driven Marketing and the GDPR: the Data Brokers’ Conundrum
The digital marketing industry is powered by information about individuals (“personal data”) that pulses through a supply web. As this FTC infographic shows, some industries such as retail, energy, financial services, and health care, have direct relationships with those individuals. Other industries, such as data marketing, generally are at least one step removed. In fact, the most...
-
Is Your Business Ready to Wield the Privacy Shield?
Beginning August 1, U.S.-based companies that self-certify their compliance with the EU-U.S. Privacy Shield will be able to import data under the new data transfer framework. But how can your company best prepare? Companies in the United States may be excited that the EU-U.S. Privacy Shield – the new trans-Atlantic data transfer compact approved by the European Commission on...
-
EU Data Supervisor: Privacy Shield Needs “Robust Improvements”
The push for the European Union and the United States to reopen negotiations over the EU-U.S. Privacy Shield may have just become a shove, due to a recent opinion released by the European Data Protection Supervisor (EDPS) assessing the data protections offered and recommending a series of substantial changes to the new data transfer framework. On May 30, the EDPS released...
-
EU Parliament: EU, U.S. Must Improve Privacy Shield
On May 26, 2016, the European Parliament passed a resolution (2016/2727 (RSP)) calling on the European Commission (EC) to reopen negotiations with the United States to improve perceived “deficiencies” in the EU-U.S. Privacy Shield, the successor trans-Atlantic data transfer arrangement drafted by the U.S. and the EU after the Court of Justice of the European Union (CJEU) invalidated the U.S.-EU...
-
EU Publishes Final Text of GDPR
On May 4, 2016, the final version of the European Union’s General Data Protection Regulation (“GDPR”) was published in the Official Journal of the EU. The GDPR, which will replace the EU’s current Data Protection Directive, will enter into force on May 25, 2016; however, enforcement of the GDPR will not begin until May 25, 2018, giving businesses and other entities subject to EU privacy and data...
-
EU High Court Invalidates U.S.-EU Safe Harbor Framework
As has been widely reported, the U.S.-EU Safe Harbor – probably the most commonly used method for transferring personal data to the United States – has been invalidated by an EU court. The court’s decision has wide-ranging implications for data protection compliance for U.S. businesses and other organizations with activities in Europe.
-
EU Court Opinion Puts Pressure on Reform of U.S.-EU Safe Harbor for Data Transfers
A European court has taken an initial step toward invalidating the U.S.-EU Safe Harbor Framework, one of the primary means for transferring personal data of Europeans to the U.S. It adds more pressure on EU authorities and the U.S. government to update privacy protections under the Safe Harbor program.
-
The Fourth European Union Anti-Money Laundering Directive and Its Effects on Financial Institutions Operating in the EU
The Fourth European Union Anti-Money Laundering Directive (Fourth AML Directive), approved by the European Parliament on May 20, 2015, went into effect on June 25, 2015, repealing the 2005 Third AML Directive. Given the evolving nature of the money laundering and terrorist financing typologies, as well as the decade-old Third AML Directive in place, the Fourth AML Directive was not an unexpected...
-
Shooting the Messenger? Websites could face greater liability for third-party content in the EU
Three developments in the last two months suggest websites face greater liability for content authored by third parties in the European Union—including reader comments, posts on message boards and social networks, and search engine results.
-
Has Your Website’s EU Safe Harbor Expired?
FTC proposes twenty-year compliance program for two companies that have settled charges that they misrepresented that they are currently compliant with the US-EU Safe Harbor Framework. Does your company rely on the US-EU Safe Harbor Framework in order to transfer personal consumer data about EU residents outside of Europe?
-
U.S. Steps Up Efforts to Make “Safe Harbor Safe Again” – FTC, Justice Department Work to Keep EU Happy and Avoid Pull Back from Safe Harbor
Within the span of two days, both the Federal Trade Commission (FTC) and the U.S. Department of Justice announced initiatives meant to assuage the European Union’s concerns over trans-Atlantic data flows and to secure Europe’s future commitment to the U.S.-EU Safe Harbor initiative.
-
European Union’s Highest Court Rules Google Must Remove Links Containing Personal Data
In a significant and concerning decision, the European Court of Justice (“ECJ”) has endorsed the so-called “right to be forgotten” and ruled that, in some circumstances, search engines can be compelled to remove search result links to websites, news articles, court records and other documents that reveal truthful information about individuals — even when the information is not prejudicial and has
-
EU High Court Overturns Telecom Data Retention Requirements
The Court of Justice of the European Union, the highest court in the EU, declared the EU’s 2006 Data Retention Directive invalid in a judgment issued on April 8, 2014. The directive, which has been implemented via national legislation by most EU member states, requires telecommunications and Internet providers to collect and retain traffic and location data regarding users’ calls and Internet...
-
Data Protection Regulation Proposal Approved by the European Parliament
The European Parliament has finalized its version of the proposed Data Protection Regulation, which would substantially change personal data protection rules in the 31-country European Economic Area. The Parliament’s LIBE committee voted October 21 on a final package of amendments to the European Commission’s draft regulation in January 2012. After formal approval by the full Parliament,...
-
When Food Production Leads to Prosecution
Over the last few weeks, two big stories have made headlines in the food industry. Beginning in early February, news media across Europe began reporting that food products tested in several European countries contained horsemeat, purportedly marketed as beef. The reports also indicated that it was highly likely that consumers had eaten this mislabeled, and in some cases tainted, product. A few...
-
ECB Approves Oversight Expectations for Links Between Retail Payment Systems
On 23 November 2012 the Governing Council of the European Central Bank (ECB) approved the “Oversight expectations for links between retail payment systems”, which lay down Eurosystem oversight requirements with regard to links established by retail payment systems operating in the euro area.
-
EPC White Paper on Mobile Payments
The European Payments Council, a decision making body of the European banking industry, released a mobile payments white paper in October 2012. The white paper presents an overview on mobile payments for Single Euro Payments Area (SEPA) payment instruments, including detailed analysis of both mobile contactless and remote payments.
-
New Pop-Up Windows About Online Cookies Are Now Greeting Visitors To Popular UK-Based Websites. The Changes Are Part Of The Steps Being Taken To Comply With The New European Rules That Require Consent To The Setting Of Cookies.
New pop-up windows about online cookies are now greeting visitors to popular UK-based websites. The changes are part of the steps being taken to comply with the new European rules that require consent to the setting of cookies.
-
Europe Plans Significant Expansion in Data Protection Rights
On Jan. 25, 2012, the European Commission released the final version of its proposed revisions to the European Union’s data protection framework. The package of changes represents a comprehensive reform of the EU’s 1995 data protection rules. Significant changes include: • A “right to be forgotten,” which would give individuals a right to demand that user