Womble Bond Dickinson (JD Supra European Union)

Stung by Brexit and set adrift by a neglectful U.S. foreign policy, the European Union has started to explore new ways of breaking away from the rest of the world, including taking steps to cordon EU data into locally managed systems. While this kind of protectionist move is short-sighted for the EU, it would also cause significant problems for U.S. businesses.

The risk of a "no deal" Brexit on 12 April has been averted by the EU Council's offer to extend the Article 50 deadline to 31 October 2019. However, to ensure that the extension is not subject to legal challenge in the UK, the government must rely on a procedural change made by the EU (Withdrawal) Act 2019 which, as the "Cooper-Letwin" Bill, the government strenuously opposed.

It would be tempting to table a motion suggesting that the House of Commons should go to rehab – just to find out whether its answer would be "no, no, no". The second round of "indicative votes" on April 1st failed to produce majority support for any of the four proposals put to the vote. While the business motion governing the procedure allows for a further round of indicative votes on April 3

In this reprint of his 2014 article, Rick leveraged his past working relationship to Jean Claude Juncker to accurately predict the unprecedented tax policy success of the Juncker Commission. Jean-Claude Juncker, president-elect of the European Commission, on September 10 announced the 27-member Cabinet for his five-year term that begins in November...

The European Commission has published its Contingency Action Plan for a “No Deal” Brexit. The contingency plan seeks to mitigate significant adverse effects, but the Commission's paper emphasizes...

Background on the Anti-Tax Avoidance Directive - On January 1, 2019, the EU Anti-Tax Avoidance Directive (“ATAD”) went into effect for all 28 Member States. ATAD is the European Commission’s response to the relevant Action Plans of the base erosion profit shifting (“BEPS”) project of the Organization of Economic Cooperation and Development (“OECD”). There are 3 BEPS-related rules in ATAD plus...

You may be paying for cyber insurance that will not cover the most significant cyber risks faced by your business. Recent studies call into question whether a company can insure against the unprecedented huge fines for violating the complex and vague EU privacy law, the General Data Protection Regulation (GDPR)...

The public perception is well-established now that international rules are unfit when it comes to taxing digital companies such as Amazon, Google or Apple in Europe. In light of this consensus, the European Commission published in March three significant proposals to advance the global policy debate on this issue. Included among these proposals is the so-called Digital Services Tax (DST). ...

The EMA will be launching Phase 3 of its business continuity plan on October 1, 2018 at the latest, however, the detail of the plan will now be impacted by the EMA announced this week that it has realized that it will lose more staff than initially anticipated. It will need to scale back its activities significantly – which will impact stakeholders, especially pharmaceuticals companies looking to

Throughout history, people have waged sectarian fights to protect their beliefs. The Europeans, sitting at a crossroads of two major religions charged with converting the unenlightened, have a particularly combative past. The belief that privacy is a fundamental human right is currently held as an essential tenet for managing European society... Originally published in Business Law Today on

The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU.

6 Months To Go The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU.

7 Months To Go - The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU.

Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts. Review steps 1–4 below to bring your vendor contracts in compliance with the GDPR. 1. Do we need to amend our existing vendor contracts? If you answer “yes” to the questions below, then you will be required to update your

A major change with the GDPR is that data processors now have direct legal obligations under EU privacy law. This is a significant shift from the current EU Directive which only directly obligates the data controllers. Non-compliant data processors face significant fines of up to 4% of global annual turnover or 20,000,000 euros, whichever is higher, and may be directly liable to individuals for...

Follow our three-question flowchart to answer the question: “Does GDPR Apply to You?” If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies. Follow our five-step flowchart below to see if you need to designate a DPO... Please see full publication below for more information.

The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU. The Directive did not regulate US businesses unless the collection or processing occurred within the EU (e.g., if a US-ba

In a highly integrated economy like Europe’s, cross-border litigation is common. Oftentimes, a suit may be brought in a court in one EU country against a defendant with assets in many EU countries, so that a judgment from that court may need to be enforced in many countries. Unfortunately, enforcing foreign judgments can be expensive and difficult. Today, an EU regulation known as “Recast...

Following European Commission adoption of the Privacy Shield on July 12, 2016, and with Privacy Shield self-certification poised to open for business organizations on August 1, 2016 as a replacement for the invalidated EU-U.S. Safe Harbor mechanism, U.S. businesses are actively evaluating the commitments they will need to make to self-certify (and to annually re-certify) under the Privacy Shield...

After months of uncertainty, the U.S. again has a framework of rules to follow that will govern U.S. business’ use of EU residents’ data. The European Commission approved the text of the EU-U.S. Privacy Shield (the “Privacy Shield”) today. The Privacy Shield effectively replaces the EU-U.S. Safe Harbor mechanism, which was struck down in October of 2015. As with Safe Harbor, companies can self-cer

The June 23, 2016 Brexit referendum outcome in the U.K. does create uncertainty about whether the U.K. will continue to follow EU data protection laws, including implementation of the E.U.'s new General Data Protection Regulation (“GDPR”), scheduled to become effective on May 25,2018. Furthermore, the recently negotiated new U.S./E.U. Privacy Shield, intended to replace the E.U.-invalidated Safe...

European privacy law is a bold new world for U.S. businesses doing business in Europe. An October Court of Justice ruling struck down the Safe Harbor arrangement which had governed E.U.-U.S. data transfer transactions for years. European officials said the U.S. wasn’t doing enough to safeguard the personal data of European citizens and that increased protections were needed. European Union...

The U.S. and EU are one step closer to implementing the new EU-U.S. Privacy Shield. On March 1, 2016, the European Commission and U.S. Department of Commerce announced the release of the legal texts that will put in place the EU-U.S. Privacy Shield, a new framework of rules governing transatlantic data flow.

United States and European Union officials have reached a last-minute agreement in an attempt to salvage the US-EU Data Transfer Safe Harbor, nearly four months after the European Court of Justice issued an opinion undermining the US-EU Safe Harbor Framework and US companies’ ability to rely on the mechanism. For months, US companies have been grappling with the uncertain status of the US-EU Safe

A major European court has just pulled the rug out from under nearly 5,000 US companies, snatching away the relative business certainty of the Data Transfer Safe Harbor, and maybe the safety of standard contract clauses and binding corporate rules as well. Now a company must meet the specified rules of each EU country in which it collects relevant data.