in JD Supra European Union › Sheppard Mullin Richter & Hampton LLP
in vLex European Union

64 results for JD Supra European Union › Sheppard Mullin Richter & Hampton LLP

  • Companies Have Until March to Comment on EDPB Data Breach Notification Guidelines

    Many supervisory authorities across Europe have reported increasing numbers of data breach notifications since the introduction of GDPR. While most companies are now familiar with the 72-hour reporting obligation for controllers to supervisory authorities, whether such obligation has been triggered continues to present unique and complex questions in each specific security event. To help aid...

  • New Year, Same Transfers (for now): Temporary Brexit Deal Keeps EEA-UK Data Flowing

    Many in the world have been watching the Brexit deal closely, including privacy lawyers and others who deal with global data transfers. Under the recently-announced deal, a temporary solution will allow companies to continue to transfer data between the UK and European Economic Area (EEA) as normal during a short post-Brexit transition period. As many know, transfers of personal data are...

  • 2020 In Review: Dealing With Schrems II Fallout

    As 2020 comes to a close, we take this opportunity to look back at some of the more significant developments that we discussed in the blog this year. The first is the EU Court of Justice’s Schrems II decision, finding that the EU-U.S. Privacy Shield was not a valid mechanism for transferring personal data from the EU to the U.S. Related decisions came out of Switzerland and Israel.

  • Digital Platforms — New EU Regulations and Competition Law Tools

    The ever increasing market power and often criticised conduct of data driven platforms is not new, but lately the efforts to tackle these appear to have taken a decisive turn. We are now on the verge of new rules and tools to tackle the competition issues arising with the tech giants...

  • EU Seeking Comment on Revisions to Standard Contractual Clauses

    One of the methods US and EU companies rely on most frequently for the transfer of personal data from the EU to the US are standard contractual clauses. For the method to be acceptable as a valid basis for transfer of personal information, one critical step is for companies to use the version of the clauses as approved by the EU Commission. This has causes some confusion and concern, as the...

  • EDPB Sheds Post-Schrems II Light on Supplementary Measures for Data Transfers

    The EDPB recently published recommendations on additional security steps to take when transferring personal data out of the EU. As outlined in our previous series of posts, the EU found this summer that the EU-US Privacy Shield was an invalid mechanism for transferring personal information from the EU to the US. ...

  • NIST Seeking Comments on Draft AI Principles

    The National Institute of Standards and Technology has issue a set of draft principles for “explainable” artificial intelligence and is accepting comments until October 15, 2020. The authors of the draft principles outline four ways that those who develop AI systems can ensure that consumers understand the decisions reached by AI systems...

  • The European Commission Adopts White Paper on Foreign Subsidies – A Trend Towards Protectionism on a Global Level?

    As State aid measures granted by EU Member States continue to surge in the aftermath of the COVID-19 outbreak and ongoing pandemic, the European Commission (“Commission”) has turned to subsidies coming from non-EU countries.

  • CJEU Invalidates Privacy Shield, But Upholds SCCs with Conditions

    On July 16, 2020, in the case colloquially known as “Schrems II,” the Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield, finding it an invalid mechanism for transferring data from the EU to the US. The CJEU concluded that the Standard Contractual Clauses (SCCs) are valid for the transfer of personal data outside the EU (which would include transfers to the US),...

  • Major Arbitral Institutions Update Guidance Regarding COVID-19

    Since our last update, a little over a month ago, many major arbitral institutions have updated their guidance regarding COVID-19 in light of the continuing impact of the pandemic on ongoing proceedings. Below we have included updated guidance from major arbitral institutions and expanded the chart to include a number of new institutions. Thirteen major arbitral institutions also issued a joint...

  • Using Mobile Apps and Location Data to Combat COVID-19

    A number of private and government entities have released apps and software development kits (SDKs) relying on location tracking data to help tackle the COVID-19 pandemic. While the use of such technologies are being hotly debated, commentary continues to emerge from the EU about developing such applications in compliance with EU data protection laws...

  • EDPB Announces Scope of COVID-19 Guidance

    Following its 20th plenary session on April 7, the European Data Protection Board (EDPB) selected geolocation and health data to focus on in its upcoming COVID-19 guidance. This follows in response to the EDPB’s earlier broad statement on the processing of personal data in the context of COVID-19...

  • COVID-19 is Not a “Get Out of Jail Free Card” from EU Competition Law

    The COVID-19 pandemic has triggered worldwide pandemonium and is disrupting business throughout all sectors. It is undeniably a major shock for the global economy. While the need for a coordinated response has been recognised at the highest levels in the EU, this does not mean that the application of competition law is suspended during the crisis...

  • COVID-19 Outbreak and Adjusted EU State Aid Control

    The unique EU State aid control law requires, in principle, prior notification by Member States and approval by the Commission of all State aid. During a time of crisis, like the COVID-19 pandemic, EU law allows for a flexible approach for approving urgent State aid. In this post, we discuss the current state of play in the EU and offer some general items to consider for undertakings receiving...

  • European Parliament Weighs in on Automated Decision-Making

    The European Parliament recently issued a resolution directed at the European Commission on its concerns with automated decision-making processes and artificial intelligence. While the EU Parliament addresses several areas of automated decision-making, the underlying theme of this resolution is that the Commission should ensure that there is transparency and human oversight of these processes...

  • EU is Taking Action: The Fight for Clean Air

    Public awareness regarding air pollution in the European Union is at an all-time high and citizens expect authorities to act. In this vein, the European Commission has recently taken a number of direct and indirect actions, including engagement of the Court of Justice of the EU, enforcement measures against car manufacturers and a Europe-specific “Green Deal,” to stem the tide of rising air...

  • New European Data Protection Board Guidance on Data Protection by Design and by Default

    The European Data Protection Board recently requested comments on its data protection “by design and default” guidelines. Comments are due by mid-January of next year. The Guidelines provide clarity about how to address GDPR’s requirement that companies take “appropriate” technical and organizational steps to protect personal information and individuals. Part of the law’s requirements, according...

  • The Privacy Shield Survives Another EU Commission Review, For Now…

    The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to facilitate transfers of personal data from the EU to the US. It is reviewed annually by the EU Commission, as we have discussed in prior posts. That body did express concern with...

  • How to Steal $10 Billion from Europe

    Europe has come up with a nifty plan to help Iran buy and sell stuff outside the reach of U.S. sanctions. The problem is that the plan is a fraud magnet. How do we know? It’s been tried before, and the fraud was epic. The plan is known as the “Instrument in Support of Trade Exchanges,” or “INSTEX.” Lots of smart people have been involved in creating the program. Let’s hope they’re not too young...

  • Processor or Controller? It Really Depends

    The European Data Protection Board and the European Data Protection Supervisor recently issued a joint opinion on the processing of personal data and the role of the European Commission within the eHealth Digital Health Service Infrastructure. As background, the eHealth Network is a network of eHealth authorities designated by the EU member states. Its main purpose is ensure the continuity of...

  • International Arbitration, Investment Protection and EU State Aid Rules: the General Court of the EU Annuls the European Commission’s State Aid Decision in the Micula Case

    In a long-awaited ruling of June 18, 2019, the General Court of the EU (GCEU) annulled the European Commission’s State aid 2015 decision in the Micula case (joined cases T-624/15, T-694/15 and T-704/15). The factual background - Romania was in a very difficult economic, financial and social situation following the collapse of the communist regime in 1989. In its efforts to...

  • EDPB Seeks Comment On Online Services Guidance

    The European Data Protection Board is seeking comment about proposed guidelines that impact websites that provide online services. This might include services a user pays for, or where the fee is indirect (the services being funded through advertising dollars, for example)...

  • EU Objects to Game Companies Geo-blocking Video Games

    The European Commission has informed various game companies (platforms and publishers) of its preliminary view that the companies prevented consumers from purchasing video games cross-border from other Member States, in breach of EU competition rules. According to the Commissioner in charge of competition policy...

  • European Data Protection Board’s Priorities for 2019/2020

    The European Data Protection Board (EDPB) has released its priorities for 2019/2020 in its two-year “Work Program.” The EDPB is charged with issuing guidelines and opinions about GDPR, advising the European Commission about privacy-related issues, to help with the “consistent application” of GDPR, and to promote cooperation among the EU Member States’ supervisory authorities. Among the activities

  • Talk About Ironic: Brexit Group Fined Under EU-Related Privacy Regulations

    In an ironic twist, the British Information Commissioner’s Office (ICO) recently fined a Brexit advocacy group for violating regulations issued under an EU directive. The fines, totaling £120,000, were levied against Leave.EU and a related insurance company, Eldon Insurance, for sending marketing emails to each other’s subscribers without sufficient consent. Leave.EU had sent marketing emails to

  • Cyber Concerns Lead to EU Recall of a Connected Kids Devices

    Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their children...

  • EU and Japan Finalize Data Transfer Deal

    As we previously reported the EU and Japan reached a tentative deal last summer to ease data transfer restrictions between them. That deal has now been approved by both the European Commission and by Japan and is effective immediately. When the tentative deal was reached, Japan promised to add several new data protection safeguards. Those included new individual rights and limits on further...

  • Loan Syndication and EU Competition Law

    The intricate syndicated loan market has recently triggered attention from competition authorities internationally. Recently, the Spanish competition authority fined €91 million a syndicate of four Spanish banks. The Directorate General for Competition (DG COMP) of the European Commission launched a study on the topic in April 2017 (COMP/2017/008 – EU loan syndication and its impact on...

  • The Traps of a CFIUS Like EU FDI Screening Mechanism

    Finally, the much awaited harmonized screening framework of foreign investments into the EU (Regulation 2017/0224) has been agreed upon on 20 November 2018 by the EU Parliament, the Council and the Commission. The agreed package will ensure that the EU and its Member States are equipped to protect their “essential interests” while remaining “one of the most open investment regimes” in...

  • 2018 EU Trade, Regulatory and Competition Trends

    Our “trends for 2018” are only a selection of interesting developments to watch for in 2018. Within the political and legislative cycle of the European Union, 2018 promises to be an eventful year, given that it is the last full year before the 2019 EU elections when a new European Commission will be appointed and the European Parliament will hold new elections. This means, in practice,

  • Request a trial to view additional results