JD Supra European Union › Mintz Privacy & Cybersecurity Viewpoints

• JD Supra European Union

The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal data from the EEA to non-EEA countries (known as “third countries”). In a nutshell, the new SCCs have finally caught up with the GDPR, which came into effect nearly two and a

• JD Supra European Union

US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on the lawfulness of transferring personal data from the EU to the US. The European Data Protection Board (EDPB) has now published its long-awaited guidance as to what it expects organizations to do to...

• JD Supra European Union

Companies with employees in multiple European locations may well be feeling challenged both in keeping up with public health-driven guidance – and more recently, mandates – relating to the SARS-COV2 risks in the workplace. On top of extraordinarily urgent efforts to limit the spread of the novel coronavirus while maintaining as much business continuity as possible, companies have legitimate...

• JD Supra European Union

The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not significantly change the EDPB’s essential framework for determining whether or not the GDPR applies to a given data processing activity. The revised Guidelines do provide a few...

• JD Supra European Union

The European Parliament passed a resolution today strongly criticizing Privacy Shield and recommending that Privacy Shield be suspended as of September 1, 2018, if the US doesn’t shape up by that deadline.  Should US companies that rely on Privacy Shield panic?

• JD Supra European Union

In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged, but the new Regulation imposes many new obligations on many more entities – all backed up by fines modeled on European antitrust laws. US Life...

• JD Supra European Union

The European Commission has launched a new data protection website aimed at educating the public and helping businesses and other organizations comply with their new obligations under the General Data Protection Regulation. The Commission’s website contains some infographics to help readers get to grips with the key points of the GDPR. It also contains Q&A and examples that may be helpful in...

• JD Supra European Union

One of the most striking changes to EU privacy law under the EU’s General Data Protection Regulation (which goes into effect May 25, 2018) is the very strict approach to user consent. For many years, companies operating in the EU (as elsewhere) have relied heavily on user consent to achieve compliance with the relevant data protection and direct marketing laws. When the GDPR was first published,...

• JD Supra European Union

Spoiler Alert: Behavioral advertising companies will find some bad news in the guidance. The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European Data Protection Board, is busy drafting and issuing guidance documents to help organizations understand how European data protection authorities will interpret...

• JD Supra European Union

Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first complaint resulted in the invalidation of Safe Harbor) has been referred to the EU’s highest court, via a 153-page Irish High Court decision that provides ample ammunition to...

• JD Supra European Union

The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot to consider. One crucial aspect you need to be thinking about now is how your organization collects and manages consents from individuals for processing their personal information. Without a strong

• JD Supra European Union

The certification forms for the new US-EU Privacy Shield Framework are now available online. What is not easily discernible in the workflow is the fee structure. One needs to refer back to the Federal Register’s implementation notice, published July 22. To save our readers the trouble, here is the “cost recovery program”...

• JD Supra European Union

The Article 29 Working Party (WP29) has released a brief updated statement on the final form of the Privacy Shield adequacy decision and supporting annexes. WP29 is an important advisory group made up of representatives of each of the EU’s national data protection authorities.

• JD Supra European Union

The EU Commission has formally adopted Privacy Shield and the US Department of Commerce will go live with a new Privacy Shield registration website on August 1. US companies that had been registered under Safe Harbor will need to complete a new internal review, self-certification and registration to take advantage of Privacy Shield.

• JD Supra European Union

Not all the news coming out of Europe these days is about Brexit. In fact, the forces of unity and harmonization remain a top priority for European regulators hoping to combat digital security threats and create a safer and more secure environment for the entire online community. To this end, on July 6, 2016, the European Parliament adopted the Network and Information Security (“NIS”) Directive...

• JD Supra European Union

The final version of Privacy Shield (which has not yet been officially published) passed the Article 31 Committee vote on July 8th and is being presented on July 11th to the LIBE committee of the European Parliament. LIBE’s vote is advisory, but it may provide some early indications as to how well Privacy Shield will survive anticipated legal attacks once it is formally adopted and implemented.

• JD Supra European Union

While it’s making few headlines, the European Commission is still working to finalize Privacy Shield, and it’s even possible that Privacy Shield will pass a key hurdle by the end of this month. The Commission is still scrambling to address the concerns raised by the Article 29 Working Party and the European Data Protection Supervisor concerning the Privacy Shield arrangements that the Commission

• JD Supra European Union

We now have a precise date for the European Union’s General Data Protection Regulation to go into effect: May 25, 2018.

• JD Supra European Union

UPDATE: The Article 29 Working Party has released surprisingly brief comments on Privacy Shield. Consistent with the press briefing held on April 13, 2016, WP29 has concluded that Privacy Shield falls short without providing specific guidance as to what, exactly, an acceptable version of Privacy Shield would look like.

• JD Supra European Union

Now that the EU Commission has published the complete version of its draft decision adopting the EU-US Privacy Shield program, it’s time for the key reviewers to dig in. I don’t mean the lawyers, or EU privacy advocates, or US businesses, although their views will no doubt be wide-ranging and illuminating. But no, the really important reviewers are the members of the Article 29 Working Party.

• JD Supra European Union

The European Commission has finally made the draft text of the EU-US Privacy Shield program available... The Privacy Shield program, which was agreed to in principle by US and EU negotiators nearly four weeks ago, will replace the Safe Harbor program that was struck down last autumn by the Court of Justice of the EU.

• JD Supra European Union

As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data. One interesting question is whether the new rules on consent will kill free apps in Europe. Free apps typically involve the offer of a service (the app) in exchange for access to personal data (whatever data the app siphons off from my phone, for example, per the terms of use that...

• JD Supra European Union

The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the “Privacy Shield.” The new accord still needs to be reviewed by the Article 29 Working Party and the College of Commissioners, but assuming it remains substantially the same, we can expect the following...

• JD Supra European Union

No news is not good news this time. The January 31 deadline for getting a new Safe Harbor Agreement in place came and went last weekend. Commissioner Jourova, who is leading the Safe Harbor 2.0 negotiations for the EU, reported on the negotiation’s status last evening to LIBE, the European Parliament committee that oversees privacy matters. While reporting that substantial progress has been...

• JD Supra European Union

The European Court of Human Rights recently ruled in Barbulescu v. Romania (Application no. 61496/08) that a Romanian employer did not violate its employee’s fundamental right of privacy when the employer accessed personal messages in the employee’s Yahoo! Messenger account.

• JD Supra European Union

As expected, on December 17, 2015, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted to adopt the new General Data Protection Regulation. A LIBE press release announced the vote with the proclamation “New EU rules on data protection put the citizen back in the driving seat.” The vote was 48 for the GDPR, 4 against, and 4 abstentions. The GDPR

• JD Supra European Union

The EU has announced that the Commission, Parliament and Council have reached agreement on the final shape of the General Data Protection Regulation. The official version will be available early in 2016, but we will be reviewing the details that have been made available so far and providing further information here over the next couple of days. We’ll start with the bottom line: the maximum...

• JD Supra European Union

The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15. One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to sign up for social media services and apps. As much consternation as that will cause at the breakfast table, it’s really the...

• JD Supra European Union

And the days dwindle down, to a precious few … November … We are still following developments in the EU relating to the invalidation of the US-EU Safe Harbor Framework.

• JD Supra European Union

EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a new Safe Harbor program. Jourova noted that the collection and use of European personal data for US national security purposes remains a key open issue. However, she also...