EU-US Privacy Shield

Subscribe to EU-US Privacy Shield via RSS

2020 In Review: Dealing With Schrems II Fallout

By Liisa Thomas on December 21, 2020

As 2020 comes to a close, we take this opportunity to look back at some of the more significant developments that we discussed in the blog this year. The first is the EU Court of Justice’s Schrems II decision, finding that the EU-U.S. Privacy Shield was not a valid mechanism for transferring personal data from the EU to the U.S. Related decisions came out of Switzerland and Israel.
Continue Reading 2020 In Review: Dealing With Schrems II Fallout

EDPB Sheds Post-Schrems II Light on Supplementary Measures for Data Transfers

By Liisa Thomas & Snehal Desai on November 17, 2020

Posted in Consumer Privacy, EU Privacy, Privacy Shield

The EDPB recently published recommendations on additional security steps to take when transferring personal data out of the EU. As outlined in our previous series of posts, the EU found this summer that the EU-US Privacy Shield was an invalid mechanism for transferring personal information from the EU to the US.
Continue Reading EDPB Sheds Post-Schrems II Light on Supplementary Measures for Data Transfers

Schrems II Fallout Continued: Can Companies Rely on Consent?

By Liisa Thomas & Rachel Tarko Hudson on July 30, 2020

Posted in Cross-Border Data Transfers, EU Privacy

The EDPB has provided input about consent in its recent FAQs responding to the Schrems II invalidation of Privacy Shield. As we wrote about previously in this series, Schrems II impacted how companies transfer data from the EU to the U.S.. As background, under GDPR, consent from the individual can be relied on to transfer information from the EU to an entity outside of the EU’s borders if three conditions exist. The EDPB reminded companies of these three conditions in its FAQs, drawing on prior guidance about consent:
Continue Reading Schrems II Fallout Continued: Can Companies Rely on Consent?

CJEU Invalidates Privacy Shield, But Upholds SCCs with Conditions

By Craig Cardon, Julia Kadish, Liisa Thomas, Rachel Tarko Hudson & Oliver Heinisch on July 16, 2020

Posted in Cross-Border Data Transfers, EU Privacy

On July 16, 2020, in the case colloquially known as “Schrems II,” the Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield, finding it an invalid mechanism for transferring data from the EU to the US. The CJEU concluded that the Standard Contractual Clauses (SCCs) are valid for the transfer of personal data outside the EU (which would include transfers to the US), with certain conditions.
Continue Reading CJEU Invalidates Privacy Shield, But Upholds SCCs with Conditions

FTC Releases 2019 Privacy and Security Year in Review

By Julia Kadish on March 4, 2020

Posted in Consumer Privacy, COPPA, FTC, Online Privacy

The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a year where we saw several record-setting fines. The report also discusses privacy/security workshops, consumer education, and international engagement. Some of the highlights from 2019 discussed in the report include:
Continue Reading FTC Releases 2019 Privacy and Security Year in Review

Eye On Privacy