On 7 October 2022, the US White House published the Executive Order on enhancing safeguards for United States signals intelligence activities. This action is the first part of the US legal apparatus required for the EU Commission to find certain
On July 6, 2021, Connecticut enacted a new law (Public Act 21-119) that creates a safe harbor for companies that followed certain cybersecurity protocols in the event there’s a security breach.
On March 16, 2018, the U.S. Court of Appeals for the District of Columbia Circuit issued its decision on the Federal Communications Commission (FCC) omnibus order of 2015, relating to challenges to four of the FCC’s determinations relating to cell phones. The appellate court upheld the FCC’s determinations that consumers can revoke consent to receive marketing calls by “any reasonable means” that clearly expresses the desire to receive no further messages from the caller, and an exception for certain “emergency” healthcare-related calls. On the other hand, the court set aside the FCC’s decision regarding the definition of an “automatic telephone dialing system” (ATDS), and how callers can deal with reassigned numbers where the previous owner had consented to receive marketing calls.
On July 8, 2016, European Member States approved the proposed EU-US Privacy Shield framework, with four Member States – Austria, Bulgaria, Croatia, and Slovenia – reportedly abstaining. Before the framework can be implemented, formal approval by the European Commission is
The United States and the European Union reportedly have agreed on changes to the EU-US Privacy Shield. A revised agreement has been sent to EU Member States, and a vote is expected to be held early next month, in early
On June 6, 2016, Johannes Caspar – the Hamburg Commissioner for Data Protection – announced that the Hamburg Data Protection Authority (“DPA”) fined three companies for relying on the invalidated Safe Harbor framework to transfer data from the European Union to the companies’ operations in the United States. The DPA imposed the fines on Adobe, Punica and Unilever, in the amounts of 8,000, 9,000 and 11,000 Euro, respectively.
Since the invalidation of the Safe Harbor framework by the Court of Justice of the European Union (“CJEU”) in October 2015, German DPAs have taken an active role in questioning cross-border data transfer mechanisms, including the validity of the Standard Contractual Clauses and the Binding Corporate Rules, neither of which the CJEU addressed in the Safe Harbor Schrems decision. As part of this effort, the Hamburg DPA made inquiries of 38 global companies that had previously relied on the Safe Harbor framework and have operations in Hamburg to determine whether the companies had updated their cross-border data transfer practices to reflect the invalidation of Safe Harbor. This inquiry has, in turn, resulted in the enforcement action against the three companies.
On February 29, 2016, the European Commission published the documents comprising the new EU-U.S. Privacy Shield, the adoption of which we previously covered on our blog. In the Commission’s opinion, the new framework reflects the requirements set forth by the European Court of Justice in the Schrems ruling, which invalidated the U.S.-EU Safe Harbor framework. The Commission’s proposed adequacy decision holds that “the United States ensures an adequate level of protection for personal data transferred from the Union to organisations in the United States under the EU-US Privacy Shield”.
Today the UK data protection authority (the ICO) published a blog post and consolidated interim guidance on how to handle EU/US data transfers while the EU-US Privacy Shield is being scrutinised by the Article 29 Working Party.
FTC Commissioner Julie Brill sat down this morning with the Information Technology and Innovation Foundation to discuss the EU-US Privacy Shield, the new framework for transatlantic transfer of personal data announced earlier this week.
Commissioner Brill began by discussing the agreement generally, and provided valuable insight on the role of the Federal Trade Commission (FTC) and the implications of the EU-US Privacy Shield for commercial entities in the US. Read on for a discussion of key takeaways from the event.
On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.