Privacy Shield

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Biden Budget Proposal Advances AI Priorities | Privacy World

US Regulators Lift the Curtain on Data Practices With Assessment, Reporting

The European Commission (the “Commission”) published today its draft adequacy decision for the US (the “Draft Decision”). This paves the way for an institutionalized personal data transfer mechanism across the Atlantic to emerge (and already raises the prospects of it being under scrutiny again).

If your pre- holidays’ workload (that also includes the transition of your old SCCs to the new ones, another transfer duty, does not allow you to read the full 134-page Draft Decision, here is a little tour of what you need to know before it becomes final (and this might still take some time).
Continue Reading Third Time Lucky or Schrems III? The European Union Data Pact with the US Moves One Step Closer (To Be Challenged – Again)

The deadline for updating standard contractual clauses (SCCs) falls on 27 December 2022, yet many organisations are still struggling to transition their legacy arrangements.

There are many reasons for this, including confusion around the paradigm shift that the new SCCs represent and the ever-evolving transfer landscape (from the developments towards a revised Privacy Shield to

Background

On October 7, 2022, US President Joe Biden signed the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the Executive Order), introducing new safeguards to protect the personal data shared between the EU and the US.

The Executive Order is the first tangible step towards a new transatlantic framework for personal data transfers, following the March 25, 2022, joint announcement by the European Commission president, Ursula von der Leyen, and US President Biden that they had reached an agreement in principle on a successor to the Privacy Shield.

While details of the actual content leaked over time, here is a summary of what the Executive Order is providing, but, more importantly, what the signature of the order means, not only for those who will be able to certify to the revised Privacy Shield, but also for all others.
Continue Reading We Have an EO, but Not (Yet) a New Transfer Mechanism

On 25 March the US and EU announced “agreement in principle” on a new legal framework for GDPR-compliant transfers of EU personal data to the United States. The agreement reflects US commitment to implementing new safeguards designed to address concerns that led to the July 2020 Schrems II decision of the European Court of Justice

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation.  Please reach out to the authors if you are interested in additional information.

Consumer Loan Data Seller Receives $1.5 Million FTC Penalty, With Accompanying Executive Liability | Consumer Privacy World

Authors of

CPW is proud to share with its readers that Global Data Review, a leading data law and regulation publication, has ranked Squire Patton Boggs among 25 Elite firms in its 2022 edition of the GDR 100.  GDR identifies and profiles the world’s leading law firms.  GDR notes that firms with the Elite designation in

Wednesday 2 December 2020
Noon – 12:30 p.m. GMT

As reported on this Blog, on 12 November 2020, the European Commission published a draft decision and draft standard contractual clauses for the transfer of personal data to third countries.  Once approved, organisations that rely on SCCs for transfers will have a one-year grace period

Data Protection ShieldOn 16 July 2020, the Court of Justice of the EU (“CJEU” or the “Court”) delivered another landmark decision on international data transfers – the so-called Schrems II judgment.  In its decision, the CJEU invalidated the EU Commission’s adequacy decision on the EU-US Privacy Shield Framework (“Privacy Shield”), on which thousands of US companies have been relying to lawfully transfer personal data from the EU to the US.  In the same decision, the CJEU confirmed the validity of the Standard Contractual Clauses (“SCCs” or “Clauses”) in principle, but made clear that their legality must considered on a case-by-case basis in light of the circumstances of the particular transfer.

US companies currently relying on Privacy Shield will need to move quickly to evaluate their ability to make use of alternative data transfer mechanism such as the SCCs, Binding Corporate Rules (“BCRs”) or, where applicable, one of the specific transfer-related derogations provided for in the EU General Data Protection Regulation (“GDPR”).
Continue Reading CJEU Invalidates the EU-US Privacy Shield Framework but Leaves the Standard Contractual Clauses Intact, Subject to Major Caveats