On September 22, 2015, the European Court of Justice (“ECJ”) Advocate General issued an advisory Opinion in Case C-362/14 (the “Schrems” case). A key recommendation was for the ECJ to declare the EU/US Safe Harbor Agreement invalid. It remains to be seen whether the ECJ will follow this recommendation. The controversial nature of the Safe Harbor recommendation makes predicting whether the ECJ will follow the Opinion virtually impossible. A possible mitigation of the massive impact on trans-Atlantic trade such a finding would have may be that any invalidity that the ECJ identifies in its ultimate decision is met by the revisions to the Safe Harbor framework that is currently being negotiated. It is likely that the Opinion will encourage the European Commission to harden its stance in the ongoing negotiations with the US, or to delay concluding those negotiations until the ECJ issues a decision in Schrems, so as not to put the updated Safe Harbor Agreement at odds with such a decision.
Executive Order on access to Americans’ bulk sensitive data – Part 1
On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern. The 17-page Executive Order pointed out that “countries of concern” could use
CNIL publishes a draft TIA guide
The Court of Justice of the European Union (CJEU)’s Schrems II decision[1] clarified strict rules for personal data transfers outside of the European Union. The European Data Protection Board (EDPB) followed up with recommendations[2]
European Commission adopts its adequacy decision for the EU-US Data Privacy Framework
On 10 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (the DP Framework). It thereby declared that the United States (the US) ensures an adequate level of protection for personal data transferred
EDPB Guidelines on international transfers: 6 key takeways
EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers
On 14 February 2023, the European Data Protection Board (EDPB) published its Guidelines on
Draft European Commission EU-US Data Privacy Framework adequacy decision published
On 13 December, the European Commission launched the process to adopt an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF).
The draft decision – available here – addresses the concerns raised by the Court of Justice
New UK guidance on Transfer Risk Assessments
On 17 November 2022, the Information Commissioner’s Office (ICO) published an update to its guidance on international transfers (Transfers Guidance). This included specific guidance about transfer risk assessments or TRAs and a tool for undertaking
Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities: Paving the way toward adequacy
As reported in our previous blogpost, on 7 October 2022, the US White House published an Executive Order on enhancing safeguards for United States signals intelligence activities (EO).
In this blogpost, we set out the key points
Nascent EU/ US Trans-Atlantic Data Privacy Framework: some points to note
On 25 March the EU Commission (Commission) and United States (US) announced that they had agreed in principle on a new “Trans-Atlantic Data Privacy Framework” (TADPF) to foster trans-Atlantic data flows and address the
European rulings on the use of Google Analytics and how it may affect your business
Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines.
At issue was the transfer