-
JD Supra European Union › Mintz Privacy & Cybersecurity Viewpoints
61 results for JD Supra European Union › Mintz Privacy & Cybersecurity Viewpoints
-
European Commission Publishes Proposed New Data Transfer Agreement
The European Commission has just published a consultation draft of the long-promised updated version of the Standard Contractual Clauses (SCCs). The SCCs are the most commonly used legal mechanism for transferring personal data from the EEA to non-EEA countries (known as “third countries”). In a nutshell, the new SCCs have finally caught up with the GDPR, which came into effect nearly two and a
-
EU Data Protection Regulators Issue Critical Draft Guidance on Personal Data Transfers
US companies and other organizations whose activities involve the use of personal information from Europe were unsettled by the EU Court of Justice’s July 2020 Schrems II decision that cast doubt on the lawfulness of transferring personal data from the EU to the US. The European Data Protection Board (EDPB) has now published its long-awaited guidance as to what it expects organizations to do to...
-
Coronavirus and Data Protection in the Workplace: The EDPB provides key guidance for companies with employees in Europe
Companies with employees in multiple European locations may well be feeling challenged both in keeping up with public health-driven guidance – and more recently, mandates – relating to the SARS-COV2 risks in the workplace. On top of extraordinarily urgent efforts to limit the spread of the novel coronavirus while maintaining as much business continuity as possible, companies have legitimate...
-
Revised Guidelines on the Territorial Scope of the GDPR and Local Representatives
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago. The revised Guidelines do not significantly change the EDPB’s essential framework for determining whether or not the GDPR applies to a given data processing activity. The revised Guidelines do provide a few...
-
European Parliament Sets a Deadline for Reforming Privacy Shield – But Don’t Panic (Yet)
The European Parliament passed a resolution today strongly criticizing Privacy Shield and recommending that Privacy Shield be suspended as of September 1, 2018, if the US doesn’t shape up by that deadline. Should US companies that rely on Privacy Shield panic?
-
Practical GDPR Steps for US-Headquartered Life Sciences Companies
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged, but the new Regulation imposes many new obligations on many more entities – all backed up by fines modeled on European antitrust laws. US Life...
-
GDPR – European Commission Unveils Guidance Website
The European Commission has launched a new data protection website aimed at educating the public and helping businesses and other organizations comply with their new obligations under the General Data Protection Regulation. The Commission’s website contains some infographics to help readers get to grips with the key points of the GDPR. It also contains Q&A and examples that may be helpful in...
-
Consent under the GDPR: Official Guidance Now Available
One of the most striking changes to EU privacy law under the EU’s General Data Protection Regulation (which goes into effect May 25, 2018) is the very strict approach to user consent. For many years, companies operating in the EU (as elsewhere) have relied heavily on user consent to achieve compliance with the relevant data protection and direct marketing laws. When the GDPR was first published,...
-
Key GDPR Guidance on Behavioral Advertising, Profiling and Automated Decision-Making
Spoiler Alert: Behavioral advertising companies will find some bad news in the guidance. The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European Data Protection Board, is busy drafting and issuing guidance documents to help organizations understand how European data protection authorities will interpret...
-
Will the EU box itself in? Fate of Standard Contractual Clauses (aka the Model Clauses) for personal data transfers is now in the hands of the EU’s highest court
Executive summary: The EU’s standard contractual clauses may be on the fast track to invalidation, putting a vast number of personal data transfers from the EEA at risk. A case brought by Maximilian Schrems (whose first complaint resulted in the invalidation of Safe Harbor) has been referred to the EU’s highest court, via a 153-page Irish High Court decision that provides ample ammunition to...
-
It’s Not Too Early! ICO Guidance Regarding Consent Under GDPR
The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot to consider. One crucial aspect you need to be thinking about now is how your organization collects and manages consents from individuals for processing their personal information. Without a strong
-
“Privacy Shield” Open For Business – Fees?
The certification forms for the new US-EU Privacy Shield Framework are now available online. What is not easily discernible in the workflow is the fee structure. One needs to refer back to the Federal Register’s implementation notice, published July 22. To save our readers the trouble, here is the “cost recovery program”...
-
Privacy Shield: The National Data Protection Authorities Hold Fire
The Article 29 Working Party (WP29) has released a brief updated statement on the final form of the Privacy Shield adequacy decision and supporting annexes. WP29 is an important advisory group made up of representatives of each of the EU’s national data protection authorities.
-
Privacy Shield is Finally Official
The EU Commission has formally adopted Privacy Shield and the US Department of Commerce will go live with a new Privacy Shield registration website on August 1. US companies that had been registered under Safe Harbor will need to complete a new internal review, self-certification and registration to take advantage of Privacy Shield.
-
EU Adopts Cybersecurity Directive: What US Companies Need to Know
Not all the news coming out of Europe these days is about Brexit. In fact, the forces of unity and harmonization remain a top priority for European regulators hoping to combat digital security threats and create a safer and more secure environment for the entire online community. To this end, on July 6, 2016, the European Parliament adopted the Network and Information Security (“NIS”) Directive...
-
Privacy Shield Passes Art. 31 Hurdle; European Parliament LIBE Committee Advisory Vote July 11, 2016
The final version of Privacy Shield (which has not yet been officially published) passed the Article 31 Committee vote on July 8th and is being presented on July 11th to the LIBE committee of the European Parliament. LIBE’s vote is advisory, but it may provide some early indications as to how well Privacy Shield will survive anticipated legal attacks once it is formally adopted and implemented.
-
EU Privacy Shield Status Update
While it’s making few headlines, the European Commission is still working to finalize Privacy Shield, and it’s even possible that Privacy Shield will pass a key hurdle by the end of this month. The Commission is still scrambling to address the concerns raised by the Article 29 Working Party and the European Data Protection Supervisor concerning the Privacy Shield arrangements that the Commission
-
Save the Date: GDPR goes into effect May 25, 2018
We now have a precise date for the European Union’s General Data Protection Regulation to go into effect: May 25, 2018.
-
Key EU Advisory Body Declines to Support Privacy Shield
UPDATE: The Article 29 Working Party has released surprisingly brief comments on Privacy Shield. Consistent with the press briefing held on April 13, 2016, WP29 has concluded that Privacy Shield falls short without providing specific guidance as to what, exactly, an acceptable version of Privacy Shield would look like.
-
Key Review of Privacy Shield Coming in Six Weeks
Now that the EU Commission has published the complete version of its draft decision adopting the EU-US Privacy Shield program, it’s time for the key reviewers to dig in. I don’t mean the lawyers, or EU privacy advocates, or US businesses, although their views will no doubt be wide-ranging and illuminating. But no, the really important reviewers are the members of the Article 29 Working Party.
-
EU-US Privacy Shield Agreement Published
The European Commission has finally made the draft text of the EU-US Privacy Shield program available... The Privacy Shield program, which was agreed to in principle by US and EU negotiators nearly four weeks ago, will replace the Safe Harbor program that was struck down last autumn by the Court of Justice of the EU.
-
Will free apps soon be dead in Europe?
As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data. One interesting question is whether the new rules on consent will kill free apps in Europe. Free apps typically involve the offer of a service (the app) in exchange for access to personal data (whatever data the app siphons off from my phone, for example, per the terms of use that...
-
Commission Press Release and FTC Fact Sheet outlines the new EU-US “Privacy Shield”
The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the “Privacy Shield.” The new accord still needs to be reviewed by the Article 29 Working Party and the College of Commissioners, but assuming it remains substantially the same, we can expect the following...
-
EU update: Safe Harbor 2.0 deadline passes without agreement; Art. 29 WP views on BCRs and model clauses expected February 3, 2016
No news is not good news this time. The January 31 deadline for getting a new Safe Harbor Agreement in place came and went last weekend. Commissioner Jourova, who is leading the Safe Harbor 2.0 negotiations for the EU, reported on the negotiation’s status last evening to LIBE, the European Parliament committee that oversees privacy matters. While reporting that substantial progress has been...
-
The Exception that Proves the Rule? European Court of Human Rights Okays Employer’s Access to Personal Communications of Employee In (Highly) Limited Circumstances
The European Court of Human Rights recently ruled in Barbulescu v. Romania (Application no. 61496/08) that a Romanian employer did not violate its employee’s fundamental right of privacy when the employer accessed personal messages in the employee’s Yahoo! Messenger account.
-
Key EU Parliamentary Committee Votes to Adopt the General Data Protection Regulation
As expected, on December 17, 2015, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted to adopt the new General Data Protection Regulation. A LIBE press release announced the vote with the proclamation “New EU rules on data protection put the citizen back in the driving seat.” The vote was 48 for the GDPR, 4 against, and 4 abstentions. The GDPR
-
At long last . . . the EU General Data Protection Regulation negotiations have wrapped up
The EU has announced that the Commission, Parliament and Council have reached agreement on the final shape of the General Data Protection Regulation. The official version will be available early in 2016, but we will be reviewing the details that have been made available so far and providing further information here over the next couple of days. We’ll start with the bottom line: the maximum...
-
The General Data Protection Regulation in Bullet Points
The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15. One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to sign up for social media services and apps. As much consternation as that will cause at the breakfast table, it’s really the...
-
Privacy Tuesday - November 2015: EU/Safe Harbor Updates
And the days dwindle down, to a precious few … November … We are still following developments in the EU relating to the invalidation of the US-EU Safe Harbor Framework.
-
EU Round-UP: Safe Harbor 2.0 and Upcoming National Challenges
EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a new Safe Harbor program. Jourova noted that the collection and use of European personal data for US national security purposes remains a key open issue. However, she also...