Tag archives: Schrems

European rulings on the use of Google Analytics and how it may affect your business

European rulings on the use of Google Analytics and how it may affect your business

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

Schrems II judgement due in July – what this might mean for your outsourcing deal

By Marcus Evans (UK), Lara White (UK) and Janine Regan (UK) on June 17, 2020 Posted in Compliance and risk management

Data Protection Report - Norton Rose Fulbright

Just when we thought our summers might have been looking a bit dull, it was announced that the Court of Justice of the European Union (CJEU) will be making its final ruling in Case C-311/18, Data Protection Commissioner v Facebook Ireland & Schrems on 16 July 2020. This judgement concerns the legality of the European … Continue reading

One week into GDPR – what you need to know

By Jeewon Kim Serrato (US), Marcus Evans (UK), Ffion Flockhart (UK) and Steven Hadwin (UK) on June 4, 2018 Posted in Compliance and risk management

Norton Rose Fulbright - Data Protection Report blog

Websites go dark, complaints are filed within an hour, European Commission suffers an embarrassing data leak, and the US Commerce Secretary warns about the unintended trade impact of the law – all in the first week of the GDPR The European Union’s far-reaching General Data Protection Regulation (GDPR) went into effect on 25 May amid … Continue reading

Hamburg DPA’s Safe Harbor Fines Spell Further Uncertainty and Risk for Global Companies

By Christoph Ritzer (DE) on June 8, 2016 Posted in Compliance and risk management, Regulatory response

On June 6, 2016, Johannes Caspar – the Hamburg Commissioner for Data Protection – announced that the Hamburg Data Protection Authority (“DPA”) fined three companies for relying on the invalidated Safe Harbor framework to transfer data from the European Union to the companies’ operations in the United States. The DPA imposed the fines on Adobe, Punica … Continue reading

Irish Data Protection Commissioner to Request Court Declaration as to Validity of Personal Data Transfers to the US Under EU Model Clauses

By Marcus Evans (UK) and Shiv Daddar (UK) on May 26, 2016 Posted in Compliance and risk management, Regulatory response

On May 25, 2016, Austrian law student Max Schrems issued a press release stating that he has been informed that the Irish Data Protection Commissioner (DPC) is planning to refer a question to the Court of Justice of the European Union (CJEU) as to whether the EU model clauses remain a valid data transfer mechanism … Continue reading

Schrems: the global impact – how the ECJ ruling is affecting countries outside the EU and US

By Jim Lennon (AU) on November 2, 2015 Posted in General

A number of jurisdictions around the world follow the lead from Europe in relation to data protection and impose similar restrictions on the export of personal data unless there is an “adequate level” of protection offered in the recipient jurisdiction. The EU Commission’s “US Safe Harbor” decision had permitted the transfer of personal data between … Continue reading

DIFC Data Protection Commissioner issues guidance on US data exports following Schrems case

By on October 30, 2015 Posted in Regulatory response

The Dubai International Financial Centre (DIFC) Commissioner for Data Protection has issued guidance to DIFC entities on the export of personal data outside the DIFC in light of a landmark data protection ruling by the European Court of Justice (ECJ).… Continue reading

Reports suggest US-EU agreement on cross-border data transfers near, but will it stick?

By on October 29, 2015 Posted in Regulatory response

It is being reported that the EU and the US have reached an agreement in principle on the revised cross-border data transfer framework, commonly referred to as Safe Harbor 2.0. Both sides expect further progress on the specifics in November of this year. Some of the thornier issues, however,regarding US surveillance activities, that are critical to addressing the concerns … Continue reading

German Data Protection Authorities Suspend BCR approvals, question Model Clause transfers

By Christoph Ritzer (DE) and Marcus Evans (UK) on October 26, 2015 Posted in Regulatory response

Following on from the EU Article 29 Working Party Statement of 16 October 2015, the Conference of the German Data Protection Authorities – (“DPAs”) has today issued guidance (referred to as a Position Paper) on the consequences of the CJEU decision in the Schrems case (Case C-362/14).… Continue reading

WP29 Issues Post-Safe Harbor Guidance

By Marcus Evans (UK), Jamie Nowak (DE) and Jay Modrall (BE) on October 16, 2015 Posted in General

The following is the statement of WP29 on the Schrems decision. It is a short opinion that we replicated here in full. We note that WP29 appears to suggest that model clauses and BCRs remain viable through at least January 2016, which is when WP29 would like to see the US and EU agree to a … Continue reading

No Safe Harbor: Implications of the European Schrems decision – conference call

By on October 8, 2015 Posted in Compliance and risk management

On Wednesday, October 14, 2015, Norton Rose Fulbright attorneys Marcus Evans, Jay Modrall and Boris Segalis will lead a conference call to discuss the implications of the Schrems case, which invalidated the EU-US Safe Harbor Decision. Register Now… Continue reading

CJEU decision in Schrems: what businesses should do next

By Marcus Evans (UK) and Jay Modrall (BE) on October 8, 2015 Posted in Regulatory response

This week, the Court of Justice of the European Union (“CJEU”) ruled that the EU-US Safe Harbor Decision is invalid in Case C-362/14 (the “Schrems” case). This followed a similar opinion from its Advocate General, which also sets out the facts of the case. The decision will impact businesses that rely on the EU-US Safe Harbor … Continue reading

Schrems: Commission holds press conference on ECJ ruling invalidating the Commission’s Safe Harbor Decision

By Marcus Evans (UK) and Jay Modrall (BE) on October 6, 2015 Posted in Regulatory response

As discussed in our post earlier, in today’s ruling on Case C-362/14 (the so-called “Schrems” case), the European Court of Justice (ECJ) invalidated the EU Commission’s “US Safe Harbor” decision with immediate effect. In the meantime, the EU Commission held a press conference discussing the impact of the judgement.… Continue reading

Schrems: ECJ invalidates the Commission’s Safe Harbor Decision

By Marcus Evans (UK), Jay Modrall (BE) and Jamie Nowak (DE) on October 6, 2015 Posted in Compliance and risk management

The European Court of Justice (ECJ) ruled on Case C-362/14 (the Schrems case) earlier today, 6 October 2015. In its ruling, the ECJ – among other things – held that the EU Commission’s “US Safe Harbor” decision is invalid.… Continue reading

Day-after-Safe Harbor action plan: anticipating ECJ Schrems decision

By Marcus Evans (UK) and Jay Modrall (BE) on October 5, 2015 Posted in Regulatory response

As we have written extensively, the European Court of Justice’s (ECJ’s) ruling in the Schrems case on October 6, 2015 may effectively invalidate the US-EU Safe Harbor framework. While we believe that the Advocate General’s rationale for the proposal is weak, organizations that rely on the Safe Harbor are anxious about the consequences such a … Continue reading

Schrems Counterpoint: ECJ has good reasons to reject Safe Harbor invalidation

By Jay Modrall (BE) and Marcus Evans (UK) on October 1, 2015 Posted in Regulatory response

The European Court of Justice (ECJ) is expected to rule on Case C-362/14 (the “Schrems” case) on October 6, 2015. In deciding whether to reject or adopt its Advocate General’s recommendation to invalidate the US-EU Safe Harbor, the ECJ finds itself between the proverbial rock and a hard place. Rejecting the Safe Harbor would lead to uncertainty in the ongoing … Continue reading

European Court of Justice Advocate General’s Advisory Opinion in Schrems case questions validity of personal data transfers under EU/US Safe Harbor framework

By Marcus Evans (UK) on September 24, 2015 Posted in Compliance and risk management, General

On September 22, 2015, the European Court of Justice (“ECJ”) Advocate General issued an advisory Opinion in Case C-362/14 (the “Schrems” case). A key recommendation was for the ECJ to declare the EU/US Safe Harbor Agreement invalid. It remains to be seen whether the ECJ will follow this recommendation. The controversial nature of the Safe … Continue reading