Tag archives: Binding Corporate Rules

WP29 brings Binding Corporate Rules in line with the GDPR

By Lara White (UK) and Anna Rudawski (US) on February 28, 2018 Posted in Regulatory response

Norton Rose Fulbright - Data Protection Report blog

On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“BCRs“), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs.… Continue reading

Hamburg DPA leader: Model Clauses, BCRs and EU-US Privacy Shield are probably insufficient

By on March 2, 2016 Posted in Regulatory response

Data Protection Report - Norton Rose Fulbright

On February 26, 2016, Article 29 Working Party member and head of the Hamburg Data Protection Authority, Prof. Dr. Johannes Caspar, again spoke at an event about the consequences of the invalidation of the Safe Harbor, emphasizing his position on the transfer of personal data from the EU to the US.… Continue reading

EU-US Privacy Shield – UK ICO updates its interim position on transfers to the US

By Marcus Evans on February 12, 2016 Posted in Regulatory response

Today the UK data protection authority (the ICO) published a blog post and consolidated interim guidance on how to handle EU/US data transfers while the EU-US Privacy Shield is being scrutinised by the Article 29 Working Party.… Continue reading

EU-US Privacy Shield scrutinized in Article 29 Working Party initial response

By Marcus Evans and Jay Modrall (BE) on February 3, 2016 Posted in Regulatory response

On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.… Continue reading

German Data Protection Authorities Suspend BCR approvals, question Model Clause transfers

By Christoph Ritzer (DE) and Marcus Evans on October 26, 2015 Posted in Regulatory response

Following on from the EU Article 29 Working Party Statement of 16 October 2015, the Conference of the German Data Protection Authorities – (“DPAs”) has today issued guidance (referred to as a Position Paper) on the consequences of the CJEU decision in the Schrems case (Case C-362/14).… Continue reading

A German data protection authority questions model clauses

By Christoph Ritzer (DE) on October 15, 2015 Posted in Regulatory response

The German data protection authority from the northern state Schleswig-Holstein has released guidance in connection with the ECJ’s decision on Safe Harbor.… Continue reading

CJEU decision in Schrems: what businesses should do next

By Marcus Evans and Jay Modrall (BE) on October 8, 2015 Posted in Regulatory response

This week, the Court of Justice of the European Union (“CJEU”) ruled that the EU-US Safe Harbor Decision is invalid in Case C-362/14 (the “Schrems” case). This followed a similar opinion from its Advocate General, which also sets out the facts of the case. The decision will impact businesses that rely on the EU-US Safe Harbor … Continue reading

Schrems: Commission holds press conference on ECJ ruling invalidating the Commission’s Safe Harbor Decision

By Marcus Evans and Jay Modrall (BE) on October 6, 2015 Posted in Regulatory response

As discussed in our post earlier, in today’s ruling on Case C-362/14 (the so-called “Schrems” case), the European Court of Justice (ECJ) invalidated the EU Commission’s “US Safe Harbor” decision with immediate effect. In the meantime, the EU Commission held a press conference discussing the impact of the judgement.… Continue reading

Day-after-Safe Harbor action plan: anticipating ECJ Schrems decision

By Marcus Evans and Jay Modrall (BE) on October 5, 2015 Posted in Regulatory response

As we have written extensively, the European Court of Justice’s (ECJ’s) ruling in the Schrems case on October 6, 2015 may effectively invalidate the US-EU Safe Harbor framework. While we believe that the Advocate General’s rationale for the proposal is weak, organizations that rely on the Safe Harbor are anxious about the consequences such a … Continue reading

Europe and US slated to agree on revised US-EU/US-Swiss Safe Harbor framework

By on August 12, 2015 Posted in Regulatory response

It is being reported that the European Union and the United States are nearing an agreement on the revised US-EU/US-Swiss Safe Harbor framework. Thousands of US companies that have certified compliance with the Safe Harbor should be encouraged that the framework – which has been the subject of sustained criticism by European data protection regulators … Continue reading