Tag archives: Safe Harbor

FCC TCPA order partially upheld and partially set aside

Data Protection Report - digital privacy, CCPA and cybersecurity

On March 16, 2018, the U.S. Court of Appeals for the District of Columbia Circuit issued its decision on the Federal Communications Commission (FCC) omnibus order of 2015, relating to challenges to four of the FCC’s determinations relating to cell phones.  The appellate court upheld the FCC’s determinations that consumers can revoke consent to receive marketing calls by “any reasonable means” that clearly expresses the desire to receive no further messages from the caller, and an exception for certain “emergency” healthcare-related calls.  On the other hand, the court set aside the FCC’s decision regarding the definition of an “automatic telephone … Continue Reading

Privacy Shield Update: EU Member States Approve Amended Framework

Data Protection Report - Norton Rose Fulbright

On July 8, 2016, European Member States approved the proposed EU-US Privacy Shield framework, with four Member States – Austria, Bulgaria, Croatia, and Slovenia – reportedly abstaining. Before the framework can be implemented, formal approval by the European Commission is required. Although the European Commission has yet to formally release a copy of the revised text, an alleged leaked copy is circulating online.

As we have covered, Privacy Shield is the successor agreement to the US-EU Safe Harbor Framework, which the European Court of Justice invalidated in October 2015. The Privacy Shield is intended to provide companies with a … Continue Reading

Privacy Shield Framework Sees Changes, EU Vote Expected in July 2016

Data Protection Report - Norton Rose Fulbright

The United States and the European Union reportedly have agreed on changes to the EU-US Privacy Shield. A revised agreement has been sent to EU Member States, and a vote is expected to be held early next month, in early July 2016. If approved by the EU Member States, companies will be able to subscribe to the Privacy Shield shortly thereafter.

Although the revised agreement is not yet available publicly, the Wall Street Journal reports that the European Commission has addressed the Article 29 Working Party’s concerns regarding the first draft. Fortune reports that the revised agreement clarifies US … Continue Reading

Hamburg DPA’s Safe Harbor Fines Spell Further Uncertainty and Risk for Global Companies

Data Protection Report - Norton Rose Fulbright

On June 6, 2016, Johannes Caspar – the Hamburg Commissioner for Data Protection – announced that the Hamburg Data Protection Authority (“DPA”) fined three companies for relying on the invalidated Safe Harbor framework to transfer data from the European Union to the companies’ operations in the United States. The DPA imposed the fines on Adobe, Punica and Unilever, in the amounts of 8,000, 9,000 and 11,000 Euro, respectively.

Since the invalidation of the Safe Harbor framework by the Court of Justice of the European Union (“CJEU”) in October 2015, German DPAs have taken an active role in questioning cross-border data … Continue Reading

Details of Privacy Shield published

Data Protection Report - Norton Rose Fulbright

On February 29, 2016, the European Commission published the documents comprising the new EU-U.S. Privacy Shield, the adoption of which we previously covered on our blog. In the Commission’s opinion, the new framework reflects the requirements set forth by the European Court of Justice in the Schrems ruling, which invalidated the U.S.-EU Safe Harbor framework. The Commission’s proposed adequacy decision holds that “the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the EU-US Privacy Shield”.… Continue Reading

FTC Commissioner Julie Brill comments on EU-US Privacy Shield

Data Protection Report - Norton Rose Fulbright

FTC Commissioner Julie Brill sat down this morning with the Information Technology and Innovation Foundation to discuss the EU-US Privacy Shield, the new framework for transatlantic transfer of personal data announced earlier this week.

Commissioner Brill began by discussing the agreement generally, and provided valuable insight on the role of the Federal Trade Commission (FTC) and the implications of the EU-US Privacy Shield for commercial entities in the US. Read on for a discussion of key takeaways from the event.… Continue Reading

EU-US Privacy Shield scrutinized in Article 29 Working Party initial response

Data Protection Report - Norton Rose Fulbright

On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.… Continue Reading

Schrems: the global impact – how the ECJ ruling is affecting countries outside the EU and US

Data Protection Report - Norton Rose Fulbright

A number of jurisdictions around the world follow the lead from Europe in relation to data protection and impose similar restrictions on the export of personal data unless there is an “adequate level” of protection offered in the recipient jurisdiction. The EU Commission’s “US Safe Harbor” decision had permitted the transfer of personal data between Europe and the US by establishing that an adequate level of data protection was ensured by the EU-US Safe Harbor scheme.… Continue Reading

Reports suggest US-EU agreement on cross-border data transfers near, but will it stick?

Data Protection Report - Norton Rose Fulbright

It is being reported that the EU and the US have reached an agreement in principle on the revised cross-border data transfer framework, commonly referred to as Safe Harbor 2.0. Both sides expect further progress on the specifics in November of this year. Some of the thornier issues, however,regarding US surveillance activities, that are critical to addressing the concerns the ECJ raised in Schrems, are yet to be firmed up with verifiable compliance commitments.… Continue Reading

German Data Protection Authorities Suspend BCR approvals, question Model Clause transfers

Data Protection Report - Norton Rose Fulbright

Following on from the EU Article 29 Working Party Statement of 16 October 2015, the Conference of the German Data Protection Authorities – (“DPAs”) has today issued guidance (referred to as a Position Paper) on the consequences of the CJEU decision in the Schrems case (Case C-362/14).… Continue Reading

WP29 Issues Post-Safe Harbor Guidance

Data Protection Report - Norton Rose Fulbright

The following is the statement of WP29 on the Schrems decision.  It is a short opinion that we replicated here in full.  We note that WP29 appears to suggest that model clauses and BCRs remain viable through at least January 2016, which is when WP29 would like to see the US and EU agree to a legal, political and technical solution on data transfers.  The opinion suggests coordinated enforcement by DPAs after January 2016, but it is unclear whether such enforcement will focus on Safe Harbor-certified companies alone, or will also undermine model clauses and BCRs.  We are continuing to … Continue Reading

U.S. and Europe at a Privacy Crossroads – IAPP New York KnowledgeNet event

Data Protection Report - Norton Rose Fulbright

On Wednesday, November 18, Boris Segalis, who co-chairs Norton Rose Fulbright’s Data Protection, Privacy and Cybersecurity practice in the U.S. will participate in an IAPP KnowledgeNet panel to discuss topics on the international agenda including Safe Harbor, the draft European General Data Protection Regulation, trade issues, and issues relating to national security and law enforcement.  The event will be key-noted by Paul Nemitz, Director, Fundamental Rights and Union Citizenship, Directorate-General Justice, European Commission.  Panelists will also include Patrice Ettinger, CIPP/US, Chief Privacy Officer, Pfizer Inc., and Joris van Hoboken, Postdoctoral Research Fellow, New York University, Information Law Institute.  … Continue Reading

CJEU decision in Schrems: what businesses should do next

Data Protection Report - Norton Rose Fulbright

This week, the Court of Justice of the European Union (“CJEU”) ruled that the EU-US Safe Harbor Decision is invalid in Case C-362/14 (the “Schrems” case).  This followed a similar opinion from its Advocate General, which also sets out the facts of the case.

The decision will impact businesses that rely on the EU-US Safe Harbor to legitimize their storage in, or access from, the US of personal data that is subject to EU data protection rules. It could affect cloud service providers, companies that use cloud services, intragroup shared services and any other export flows to the US … Continue Reading

Schrems: Commission holds press conference on ECJ ruling invalidating the Commission’s Safe Harbor Decision

Data Protection Report - Norton Rose Fulbright

As discussed in our post earlier, in today’s ruling on Case C-362/14 (the so-called “Schrems” case), the European Court of Justice (ECJ) invalidated the EU Commission’s “US Safe Harbor” decision with immediate effect. In the meantime, the EU Commission held a press conference discussing the impact of the judgement.… Continue Reading

Day-after-Safe Harbor action plan: anticipating ECJ Schrems decision

Data Protection Report - Norton Rose Fulbright

As we have written extensively, the European Court of Justice’s (ECJ’s) ruling in the Schrems case on October 6, 2015 may effectively invalidate the US-EU Safe Harbor framework. While we believe that the Advocate General’s rationale for the proposal is weak, organizations that rely on the Safe Harbor are anxious about the consequences such a decision could have on their operations, and want to make appropriate mitigation plans.… Continue Reading

Schrems Counterpoint: ECJ has good reasons to reject Safe Harbor invalidation

Data Protection Report - Norton Rose Fulbright

The European Court of Justice (ECJ) is expected to rule on Case C-362/14 (the “Schrems” case) on October 6, 2015.  In deciding whether to reject or adopt its Advocate General’s recommendation to invalidate the US-EU Safe Harbor, the ECJ finds itself between the proverbial rock and a hard place. Rejecting the Safe Harbor would lead to uncertainty in the ongoing negotiations to update the Safe Harbor framework, and raise questions about the interpretation of the proposed General Data Protection Regulation, which is currently being finalized in trialogue negotiations among the EU’s Council, Parliament and Commission.  If the … Continue Reading

European Court of Justice Advocate General’s Advisory Opinion in Schrems case questions validity of personal data transfers under EU/US Safe Harbor framework

Data Protection Report - Norton Rose Fulbright

On September 22, 2015,  the European Court of Justice (“ECJ”) Advocate General issued an advisory Opinion in Case C-362/14 (the “Schrems” case). A key recommendation was for the ECJ to declare the EU/US Safe Harbor Agreement invalid. It remains to be seen whether the ECJ will follow this recommendation. The controversial nature of the Safe Harbor recommendation makes predicting whether the ECJ will follow the Opinion virtually impossible. A possible mitigation of the massive impact on trans-Atlantic trade such a finding would have may be that any invalidity that the ECJ identifies in its ultimate decision is met … Continue Reading

LexBlog