Your search matched the following posts:

An “enhanced” Privacy Shield is being negotiated – third time a charm?

On 10 August, the European Commission and the US Department of Commerce confirmed that talks have begun between the EU and US for an “enhanced” Privacy Shield.

This will be the third attempt to revise this framework, following the invalidation of Safe Harbor in 2015 and Privacy Shield in July 2020. Third time a charm? We’re not so sure.

By way of recap, in Schrems II, the court made clear that Privacy Shield was invalid for three main reasons:

  1. US surveillance rules are disproportionate
  2. There is a lack of proper oversight over US surveillance programmes
  3. EU individuals do not
Continue Reading

Schrems II landmark ruling: Privacy Shield is invalid, Standard Contractual Clauses are valid but court puts obligations on parties and authorities

The Court of Justice of the European Union (CJEU) has today published its decision in the landmark case, known as Schrems II. While Privacy Shield has been completely invalidated, the Standard Contractual Clauses (SCCs) remain valid, but the court has emphasised obligations on the parties to the SCCs  and Data Protection Authorities which have the potential to restrict when they can be used.

Here is a very short first summary:

  1. Privacy Shield is invalid.  This is on the basis that the access and use of EU personal data by US authorities are not restricted in a way
Continue Reading

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

What has happened?

Yesterday, the Advocate General (“AG”) concluded that, in his opinion, the EU Standard Contractual Clauses (“SCCs”) are a valid mechanism to transfer personal data outside of the European Economic Area (“EEA”). However, the AG suggested new obligations for those using SCCs. They need to examine the national security laws of the country of the data importer to determine whether they can in fact comply with the terms of SCCs.… Continue Reading

The European Parliament asks for the suspension of the privacy shield

Norton Rose Fulbright - Data Protection Report blog

On July 5, the European Parliament passed a non-binding resolution, asking the European Commission, the EU’s executive body, to suspend the Privacy Shield framework. The EU-US Privacy Shield, designed by the US Department of Commerce and the European Commission, provides a mechanism for companies to transfer personal data between the EU and the US while remaining compliant with EU data protection laws.

The European Commission passed the data-sharing privacy framework on July 12, 2016, after its precursor, Safe Harbor, was struck down by the European Court of Justice on October 6, 2015.

Since the European Parliament’s resolution is … Continue Reading

Privacy Shield Update: EU Member States Approve Amended Framework

Data Protection Report - Norton Rose Fulbright

On July 8, 2016, European Member States approved the proposed EU-US Privacy Shield framework, with four Member States – Austria, Bulgaria, Croatia, and Slovenia – reportedly abstaining. Before the framework can be implemented, formal approval by the European Commission is required. Although the European Commission has yet to formally release a copy of the revised text, an alleged leaked copy is circulating online.

As we have covered, Privacy Shield is the successor agreement to the US-EU Safe Harbor Framework, which the European Court of Justice invalidated in October 2015. The Privacy Shield is intended to provide companies with a … Continue Reading

Privacy Shield Framework Sees Changes, EU Vote Expected in July 2016

Data Protection Report - Norton Rose Fulbright

The United States and the European Union reportedly have agreed on changes to the EU-US Privacy Shield. A revised agreement has been sent to EU Member States, and a vote is expected to be held early next month, in early July 2016. If approved by the EU Member States, companies will be able to subscribe to the Privacy Shield shortly thereafter.

Although the revised agreement is not yet available publicly, the Wall Street Journal reports that the European Commission has addressed the Article 29 Working Party’s concerns regarding the first draft. Fortune reports that the revised agreement clarifies US … Continue Reading

Norton Rose Fulbright discusses recent opinion on Privacy Shield

Norton Rose Fulbright - Data Protection

The Article 29 Working Party released an opinion yesterday stating that it would not endorse the EU-US Privacy Shield. Norton Rose Fulbright partners Boris Segalis and Marcus Evans spoke with Law360 to discuss how the opinion will affect private companies. Read the full article and discussion here.

For more information on the effects of the Article 29 Working Party’s opinion, we invite you to attend our free webinar on Thursday, April 21.… Continue Reading

European Union-United States Privacy Shield – A Comprehensive Overview: Webinar

Data Protection Report - Norton Rose Fulbright

Data privacy partners at Norton Rose Fulbright invite you to join them on Thursday, April 21 for a discussion on the EU-US Privacy Shield and the impact of the Article 29 Working Party’s formal opinion on the adequacy of the Privacy Shield. The WP29’s formal opinion is expected on April 12th or April 13th.

The discussion will be led by Boris Segalis, co-chair of Norton Rose Fulbright’s Data Protection, Privacy and Cybersecurity practice in the US, Marcus Evans, data privacy partner in Norton Rose Fulbright’s London office and Jay Modrall, anti-trust and competition partner in Norton Rose Fulbright’s … Continue Reading

Details of Privacy Shield published

Data Protection Report - Norton Rose Fulbright

On February 29, 2016, the European Commission published the documents comprising the new EU-U.S. Privacy Shield, the adoption of which we previously covered on our blog. In the Commission’s opinion, the new framework reflects the requirements set forth by the European Court of Justice in the Schrems ruling, which invalidated the U.S.-EU Safe Harbor framework. The Commission’s proposed adequacy decision holds that “the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the EU-US Privacy Shield”.… Continue Reading

LexBlog