On February 26, 2016, Article 29 Working Party member and head of the Hamburg Data Protection Authority, Prof. Dr. Johannes Caspar, again spoke at an event about the consequences of the invalidation of the Safe Harbor, emphasizing his position on the transfer of personal data from the EU to the US.
U.S. Government Publishes CISA Guidance for Cybersecurity Information Sharing
Earlier this month, the U.S. Department of Homeland Security (DHS) and Department of Justice (DOJ) issued joint interim guidance on private entities’ sharing of cyber threat indicators and defensive measures with the government and other private entities. As we have written, Congress required the agencies to develop and publish this guidance through the Cybersecurity Information Sharing Act (CISA). The guidance provides helpful examples of information that may or may not be shared, along with details about the information sharing mechanism. Concurrently, DHS and DOJ published interim procedures for the receipt of cyber threat indicators and defensive measures, and privacy and civil liberties guidelines.
Below are the key takeaways from the guidance.
Details of Privacy Shield published
On February 29, 2016, the European Commission published the documents comprising the new EU-U.S. Privacy Shield, the adoption of which we previously covered on our blog. In the Commission’s opinion, the new framework reflects the requirements set forth by the European Court of Justice in the Schrems ruling, which invalidated the U.S.-EU Safe Harbor framework. The Commission’s proposed adequacy decision holds that “the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the EU-US Privacy Shield”.