Alston & Bird (JD Supra European Union)
-
European Commission Publishes Long-Awaited New Standard Contractual Clauses
Today, the European Commission published finalized versions of new Standard Contractual Clauses (SCCs). The Commission has published two sets of clauses.
-
European High Yield: Green Bonds and Sustainability-Linked Bonds
The ESG bond market is growing by leaps and bounds, buoyed partly by the COVID-19 pandemic. Our Finance Group takes a look at some recent green and sustainability-linked bond offerings in the sub-investment-grade market and explores what they mean for the future.
-
LMA Updates Secondary Bank Debt Standard Terms & Conditions to Include EU Bail-In Provisions
Our Distressed Debt & Claims Trading Team discusses how the updates to the Loan Market Association’s Terms and Conditions incorporate European bail-in rules after Brexit. In conjunction with Brexit becoming effective on January 1, 2021, the Loan Market Association (LMA) updated its Standard Terms and Conditions for Par and Distressed Trade Transactions (Bank Debt/Claims). LMA bank debt trades...
-
Take Steps Now as EU Human Rights Diligence Requirements Take Form
As promised just six months ago, the European Union has drafted a proposal to require companies to perform environmental and human rights due diligence in supply chains. Our Environment, Land Use & Natural Resources Group details the proposed requirements and offers two steps companies operating in Europe can take now to prepare.
-
EDPB Emphasizes Joint Controllership between Social Media Providers and ‘Targeters’ in Draft Guidance
On September 7, 2020, the European Data Protection Board (‘EDPB’) published its draft guidelines on targeting of social media users (the ‘Guidelines’). The EDPB is accepting feedback from stakeholders on the Guidelines until October 19, 2020.
-
EDPB Publishes Draft Guidelines on the Concepts of Controller and Processor
The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor for public consultation. While its predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns have been raised since the entry into force of the General Data Protection...
-
European Parliament Committee Meeting Provides Insight into the Future of EU-US Personal Data Flows
On September 3, 2020, The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee), met to discuss the future of future of EU-US personal data flows following the Schrems II decision. In particular, the session was attended by Max Schrems, EU Commissioner for Justice Didier Reynders, and Andrea Jelinek (head of the European Data Protection Board – ‘EDPB’).
-
EDPB Guidance on the Schrems II Ruling: An Early Response to the Cry for Clarity
(This blog post summarizes Wim Nauwelaerts’ (Alston & Bird), Early EDPB Guidance in the Wake of Schrems II – Where E.U.-U.S. Data Transfers Are Headed, Cybersecurity Law Report, Aug. 5, 2020) - On July 23, 2020, the European Data Protection Board (EDPB) adopted its first set of guidelines on the Schrems II judgment of the Court of Justice of the European Union (CJEU).
-
EU Announces First Sanctions under EU Cyber Sanctions Regime
On July 30, 2020, the European Council announced sanctions against six individuals and three organizations for their involvement in a series of cyber-attacks that have caused significant damage in the EU and around the world over the last several years.
-
EDPB to Publish FAQs on Data Transfers
This morning, Germany’s Federal Data Protection Authority (DPA) announced that the European Data Protection Board (EDPB) has finalized an initial set of FAQs on international transfers in light of the recent Schrems II judgment. You can read our detailed analysis of the Schrems II judgment here.
-
EDPB Clarifies Brexit Obligations for Holders of Binding Corporate Rules Which Have the UK ICO as Their Lead Authority
On July 22, 2020, the European Data Protection Board (‘EDPB’) released an information note on Binding Corporate Rules (‘BCRs’), which provides guidance for groups of undertakings/enterprises which have the UK ICO as their competent supervisory authority (‘BCR Lead SA’).
-
European Data Protection Board Statement Provides Preliminary Insight into Use of Standard Contractual Clauses Following Schrems II Judgment
On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment invalidated the EU-U.S. Privacy Shield, and issued a number of clarifications and caveats on the use of Standard Contractual Clauses (SCCs).
-
EU DPAs Announce Post-Schrems Enforcement Plans
The European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard Contractual Clauses (SCCs) formally intact – although relying on SCCs may become more complicated than in the past.
-
Schrems 2.0: CJEU invalidates EU-US Privacy Shield and Emphasizes Exporter Obligations When Using Standard Contractual Clauses
Executive Summary - The Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ Case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’).
-
How Does My Business Qualify for a Green Loan?
Putting the E in ESG. Continuing our dive into environmental, social, and governance (ESG) finance, our Finance Group considers the what, why, and how of the Green Loan Principles.
-
European Data Protection Board Clarifies Guidelines on Consent to Address ‘Cookie Walls’ and ‘Scroll-to-Accept’ Practices
On May 4, 2020, the European Data Protection Board (‘EDPB’) adopted updated guidelines on the meaning of ‘consent’ under the EU’s General Data Protection Regulation (‘GDPR’).
-
ESG During the Coronavirus Crisis – Should You Care?
ESG – environmental, social, governance – funds have weathered this current storm better than their competitors. Our London Finance Group investigates whether the strong performance of ESG funds is sustainable over the long haul.
-
COVID-19 Affects European Foreign Direct Investment Reviews: New EU Guidance Potentially Heralds Increased Protectionism
Our European Antitrust, Mergers & Acquisitions, and International Trade & Regulatory Groups examine changes in the way European competition authorities will review foreign direct investment (FDI) during (and potentially long after) the coronavirus pandemic.
-
EU State Aid Measures in the Fight Against COVID-19 Pandemic
Our European Antitrust Team examines changes in the way European Union state aid rules will be adapted to address financial difficulties caused by the coronavirus pandemic. - The European Commission has adopted a Temporary Framework that allows Member States to grant subsidies to firms.
-
COVID-19 Affects European Merger Control Reviews and Court Procedures: New Procedures and Delays
Our European Antitrust and Mergers & Acquisitions Groups examine changes in the way European competition authorities will review merger transactions during the coronavirus pandemic, as well as changes to English and European court procedures.
-
Competition Authorities Across Europe Relax Competition Law Enforcement During COVID-19 Outbreak
Our European Antitrust Team examines changes in the way European competition authorities will be enforcing competition rules during the coronavirus pandemic.
-
Schrems 2.0: Standard Contractual Clauses Declared Valid by EU Advocate General
The Advocate General’s Opinion of December 19, 2019 deemed valid the Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. Currently, many companies rely on SCCs as a mechanism for transferring personal data from the EU to non-EU countries in compliance with the GDPR.
-
FashionID: Another Big ECJ Facebook Case with Implications for the Entire Ad-Supported Internet
On July 29, 2019, the European Court of Justice (“ECJ”) issued its decision in the case of FashionID GmbH & Co. KG v. Verbraucherzentrale NRW. The ECJ found that websites that integrate Facebook plugins are jointly responsible for the data collected by those plugins and sent to Facebook.
-
The Coming Regulation of Artificial Intelligence? EU Publishes AI Guidelines
The European Commission High-Level Expert Group on Artificial Intelligence released on April 8, 2019 the final version of its Ethics Guidelines for Trustworthy AI (the “Guidelines”).
-
EU-Japan Mutual Adequacy Decisions Effective as of January 23, 2019
On January 23, 2019, the Personal Information Protection Commission of Japan (the “PPC”) and the European Commission (the “Commission”) jointly announced the adoption of the decisions recognizing each other’s personal data protection systems as equivalent.
-
The Digital Download – EU Edition – Alston & Bird’s Privacy & Data Security Newsletter – October 2018
EU Updates - Applying GDPR Experiences to the CCPA - Alston & Bird recently issued an advisory entitled “Applying GDPR Process Lessons to the CCPA,” authored by Jim Harvey and Karen Sanzaro.
-
Applying GDPR Process Lessons to the CCPA
Our Privacy & Data Security Group applies five lessons learned from preparing for Europe’s carefully crafted General Data Protection Regulation to California’s hastily adopted Consumer Privacy Act.
-
Japan and EU agree on Terms of Reciprocal Adequacy for Data Transfers
On July 17, the European Commission (the “Commission”) announced that the European Union and Japan successfully concluded talks on reciprocal adequacy and agreed to recognize each other’s data protection systems as equivalent. In its press release, the Commission explains that this adequacy agreement will create “the world’s largest area of safe transfers of data based on a high level of...
-
European Parliament Calls to Suspend Privacy Shield
On the heels of the Committee on Civil Liberties, Justice and Home Affairs’ (LIBE) recent resolution, the full European Parliament on July 5 adopted a resolution calling for the suspension of the EU-U.S. Privacy Shield agreement if the U.S. fails to comply in full by September 1, 2018.
-
The Digital Download - Alston & Bird’s Privacy & Data Security Newsletter - June 2018
Features - Updates on the GDPR and EU - German DPAs Issue DPIA Blacklists; Many Companies Likely to Be Affected - One of the GDPR’s core going-forward obligations is the duty to conduct data protection impact assessments (DPIAs) on processing activities that create a “high risk” to individuals’ privacy and the safeguards that have been implemented to protect individuals’ privacy.