Tag archives: Model Clauses

Privacy Shield Update: EU Member States Approve Amended Framework

By Marcus Evans (UK) on July 8, 2016 Posted in Compliance and risk management, Regulatory response

Data Protection Report - Norton Rose Fulbright

On July 8, 2016, European Member States approved the proposed EU-US Privacy Shield framework, with four Member States – Austria, Bulgaria, Croatia, and Slovenia – reportedly abstaining. Before the framework can be implemented, formal approval by the European Commission is required. Although the European Commission has yet to formally release a copy of the revised … Continue reading

Privacy Shield Framework Sees Changes, EU Vote Expected in July 2016

By Marcus Evans (UK) on June 24, 2016 Posted in Compliance and risk management, Regulatory response

The United States and the European Union reportedly have agreed on changes to the EU-US Privacy Shield. A revised agreement has been sent to EU Member States, and a vote is expected to be held early next month, in early July 2016. If approved by the EU Member States, companies will be able to subscribe … Continue reading

Irish Data Protection Commissioner to Request Court Declaration as to Validity of Personal Data Transfers to the US Under EU Model Clauses

By Marcus Evans (UK) and Shiv Daddar (UK) on May 26, 2016 Posted in Compliance and risk management, Regulatory response

On May 25, 2016, Austrian law student Max Schrems issued a press release stating that he has been informed that the Irish Data Protection Commissioner (DPC) is planning to refer a question to the Court of Justice of the European Union (CJEU) as to whether the EU model clauses remain a valid data transfer mechanism … Continue reading

Hamburg DPA leader: Model Clauses, BCRs and EU-US Privacy Shield are probably insufficient

By on March 2, 2016 Posted in Regulatory response

On February 26, 2016, Article 29 Working Party member and head of the Hamburg Data Protection Authority, Prof. Dr. Johannes Caspar, again spoke at an event about the consequences of the invalidation of the Safe Harbor, emphasizing his position on the transfer of personal data from the EU to the US.… Continue reading

EU-US Privacy Shield – UK ICO updates its interim position on transfers to the US

By Marcus Evans (UK) on February 12, 2016 Posted in Regulatory response

Today the UK data protection authority (the ICO) published a blog post and consolidated interim guidance on how to handle EU/US data transfers while the EU-US Privacy Shield is being scrutinised by the Article 29 Working Party.… Continue reading

EU-US Privacy Shield scrutinized in Article 29 Working Party initial response

By Marcus Evans (UK) and Jay Modrall (BE) on February 3, 2016 Posted in Regulatory response

On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.… Continue reading

CJEU decision in Schrems: what businesses should do next

By Marcus Evans (UK) and Jay Modrall (BE) on October 8, 2015 Posted in Regulatory response

This week, the Court of Justice of the European Union (“CJEU”) ruled that the EU-US Safe Harbor Decision is invalid in Case C-362/14 (the “Schrems” case). This followed a similar opinion from its Advocate General, which also sets out the facts of the case. The decision will impact businesses that rely on the EU-US Safe Harbor … Continue reading

Europe and US slated to agree on revised US-EU/US-Swiss Safe Harbor framework

By on August 12, 2015 Posted in Regulatory response

It is being reported that the European Union and the United States are nearing an agreement on the revised US-EU/US-Swiss Safe Harbor framework. Thousands of US companies that have certified compliance with the Safe Harbor should be encouraged that the framework – which has been the subject of sustained criticism by European data protection regulators … Continue reading