On Friday, June 24, the UK electorate voted through a referendum to leave the European Union by a 52% majority. The mechanics of leaving the European Union will be complex, given that the referendum question did not spell out what relationship the UK would have with the EU once it has left, and there is widespread disagreement within the UK government around how and when the United Kingdom’s separation from the European Union should be implemented. One question is what effect Brexit will have on the continued application of the EU General Data Protection Regulation (GDPR) in the UK.
June 2016
Privacy Shield Framework Sees Changes, EU Vote Expected in July 2016
The United States and the European Union reportedly have agreed on changes to the EU-US Privacy Shield. A revised agreement has been sent to EU Member States, and a vote is expected to be held early next month, in early…
Final CISA Guidance for Cybersecurity Information Sharing Published
On June 15, 2016, the U.S. Department of Homeland Security (“DHS”) and Department of Justice issued Final Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government (“Final Procedures”) that provide information on how DHS will implement the Cybersecurity Information Sharing Act of 2015 (“CISA”). The Final Procedures were accompanied by Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities Under the Cybersecurity Information Sharing Act of 2015 (“Guidance”). These documents represent finalized versions of interim guidance and procedures which, as we have previously reported, were issued in February.
UAE Employees Jailed for Privacy Breach Before Ultimately Being Acquitted
A recently-reported court case in the United Arab Emirates has highlighted the importance of establishing and implementing good privacy practices, even in the absence of specific data protection legislation.
In late 2014, the UAE public prosecutor charged three officials from…
Hamburg DPA’s Safe Harbor Fines Spell Further Uncertainty and Risk for Global Companies
On June 6, 2016, Johannes Caspar – the Hamburg Commissioner for Data Protection – announced that the Hamburg Data Protection Authority (“DPA”) fined three companies for relying on the invalidated Safe Harbor framework to transfer data from the European Union to the companies’ operations in the United States. The DPA imposed the fines on Adobe, Punica and Unilever, in the amounts of 8,000, 9,000 and 11,000 Euro, respectively.
Since the invalidation of the Safe Harbor framework by the Court of Justice of the European Union (“CJEU”) in October 2015, German DPAs have taken an active role in questioning cross-border data transfer mechanisms, including the validity of the Standard Contractual Clauses and the Binding Corporate Rules, neither of which the CJEU addressed in the Safe Harbor Schrems decision. As part of this effort, the Hamburg DPA made inquiries of 38 global companies that had previously relied on the Safe Harbor framework and have operations in Hamburg to determine whether the companies had updated their cross-border data transfer practices to reflect the invalidation of Safe Harbor. This inquiry has, in turn, resulted in the enforcement action against the three companies.