background preloader

Comments from major privacy lawyers

Facebook Twitter

European Commission Issues Post-Schrems Communication on EU-US Data Transfers. Introduction Developments following the European Court’s 6 October 2015 Schrems ruling that declared data transfers under Safe Harbor invalid continue apace with the publication of an official 16-page Communication from the European Commission of 6 November.

European Commission Issues Post-Schrems Communication on EU-US Data Transfers

Please refer to our main alert for the background and our comments (including 3 videos) on the Schrems judgment and its consequences along with practical suggestions for businesses to take now to comply.

Jonathan Armstrong

Comments by Pinsent Masons. Comments by Eduardo Ustaran HL. Comments by Stewart Room PwC. Editorial. “Safe Harbour Principles” - Are they really safe? (Decision of the Court of Justice of the EU on case No. C-­362/14) Introduction – Legal Framework According to article 25§1 of Directive 95/46 the transfer from a Member State of the EU to a third party of personal data, which are undergoing processing or are intended for processing after transfer, may take place provided that the third country in question ensures an adequate level of protection.

“Safe Harbour Principles” - Are they really safe? (Decision of the Court of Justice of the EU on case No. C-­362/14)

Hunton & Williams

Comments by Philip Lee FieldFisher. Comments by Daniel Solove. Comments by Hunton & Williams. Safe Harbor update – and what to do. This is an update following our earlier item “US Safe Harbor scheme for data transfers ruled invalid” which can be found here.

Safe Harbor update – and what to do

Article 29 Working Party opinion The EU data protection authorities – known as the Article 29 Working Party – have discussed the consequences of the European Court of Justice (CJEU) decision. First, they have expressed the opinion that data transfers to countries where the powers of state authorities to access information go beyond what is necessary in a democratic society will not be considered as safe destinations for data transfers from the EU. Therefore, the Working Party is urgently calling for open discussions with US authorities in order to find political, legal and technical solutions to enable data transfers to the US. The current negotiations around a new Safe Harbor could be a part of the solution. These discussions between the EU Commissioner and US authorities are ongoing, but it is not known if and when they will reach a conclusion.

The Euro Court of Justice Safe Harbor Ruling Should Spur Careful Planning. The Safe Harbor Ruling – FAQs and What Your Business Should Do Now. European Court rules Safe Harbor invalid in Schrems case.

SCL comments

IAPP. Comments by DLA PIPER. Comments to by Paul Hasting. Comments by Martin Sloan. Comments by Deloitte. Comments by Allen & Overy. Comments in Security-Breaches. Comments by Fisher Philips US Law Firm. Safe Harbor privacy principles invalid, what to do NOW? Safe Harbor privacy principles invalid, what to do NOW?

Safe Harbor privacy principles invalid, what to do NOW?

Giulio Coraggio on 6 October, 2015 - 5:57 pm in data protection, privacy, Sin categoría The European Court of Justice (the CJEU) held that the Safe Harbor privacy principles for transfer of data to the US are invalid opening questions on past and future data transfers relying on such data protection rules and calling for immediate actions. The Safe Harbor privacy principles case The Safe Harbor privacy principles set out terms under which it is possible to transfer personal data from the European Union to companies based in the United States that committed to comply with such principles.

This applies even though the United States is considered to be a country that does not ensure an adequate level of protection to personal data under European Union legislation. European Court declares data protection Safe Harbor invalid. The Court of Justice of the European Union has produced a landmark decision in Maximillian Schrems v Data Protection Commissioner (C‑362/14).

European Court declares data protection Safe Harbor invalid

The ruling may have huge economic and political repercussions for the tech industry in the next months. This is a case that requires some context if you are unfamiliar with DP safe harbors. Art 25 of the Data Protection Directive 95/46/EC contains a set of data protection principles, the first two of which clearly state that personal data from European citizens can only be transferred to a third country if the recipient territory provides an adequate level of protection for that data. The DP Directive was enacted just as the Internet was starting to become widespread, and just as it is today, it was very US-centric. Cloud services, electronic commerce transactions, social media, email, messaging, user data, contact details, customer and employee data.

So European institutions came up with a way to go bypass having to give the US adequacy status. US-EU Safe Harbor Invalidated: What Now? Today, the European Court of Justice (CJEU) invalidated the US-EU Safe Harbor framework, effective immediately.

US-EU Safe Harbor Invalidated: What Now?

This momentous decision jeopardizes the continued flow of data from Europe to the US. As the Safe Harbor framework has been in place for 15 years and counts more than 4500 companies among its participants, today’s ruling is poised to have a major impact on US-EU trade, and leaves many businesses wondering if there are any alternatives that will allow them to continue transferring data across the Atlantic without running afoul of the law.

In this post, we break down the decision and its implications. Uncertainty for the U.S.-EU Safe Harbor Intensified by Non-Binding Recommendation for EU High Court Advisor. The party’s over: EU data protection law after the Schrems Safe Harbour judgment. Steve Peers The relationship between intelligence and law enforcement agencies (and companies like Google and Facebook) and personal data is much like the relationship between children and sweets at a birthday party.

The party’s over: EU data protection law after the Schrems Safe Harbour judgment

Imagine you’re a parent bringing out a huge bowl full of sweets (the personal data) during the birthday party – and then telling the children (the agencies and companies) that they can’t have any. But how can you enforce this rule? If you leave the room, even for a moment, the sweets will be gone within seconds, no matter how fervently you insist that the children leave them alone while you’re out.

If you stay in the room, you will face incessant and increasingly shrill demands for access to the sweets, based on every conceivable self-interested and guilt-trippy argument. When children find their demands thwarted by a strict parent, they have a time-honoured circumvention strategy: “When Mummy says No, ask Daddy”. Background. Safe Harbour No Longer – Major ECJ Decision on EU-US Data Transfers.