In response to a 2020 European Court of Justice (ECJ) ruling that the EU-US Privacy Shield data transfer mechanism was not consistent with European data protection laws, the EU and U.S. began working to identify a new arrangement for transferring personal data from the EU to the U.S. However, to date, no substitute data transfer mechanism has been identified.
Read more »Tag: european union
-
Additional Data Protection Authorities Assess Legality Around Using Google Analytics Posted on: March 22, 2022 In: Data Privacy & Cybersecurity
-
ECJ Invalidates the EU-U.S. Privacy Shield as Adequate Transfer Mechanism Posted on: July 16, 2020 In: Data Privacy & Cybersecurity
In a ruling issued on July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-U.S. Privacy Shield – a primary mechanism available to companies exporting personal data from the European Economic Area (EEA) to the United States.
Read more »
-
European Parliament Votes to Suspend the EU-U.S. Privacy Shield Posted on: July 10, 2018 In: Data Privacy & Cybersecurity
On July 5, 2018, the European Parliament voted to suspend the EU-U.S. Privacy Shield Framework (Privacy Shield), an agreement between the United States and the European Union regarding the obligations of U.S.-based companies to protect Europeans’ personal data.
Read more »
-
California Enacts Sweeping, EU-Style Privacy Law Posted on: July 06, 2018 In: Data Privacy & Cybersecurity
On June 28, 2018, California Governor Jerry Brown signed A.B. 375 into law, a robust bill that provides substantially broader privacy rights to California consumers regarding how certain businesses can collect, use, sell, and disclose their personal information. The new law requires such businesses to be more transparent in their data collection and sharing practices.
Read more »
-
GDPR, Part VII: A Brief Guide to the GDPR Posted on: May 02, 2018 In: Data Privacy & Cybersecurity
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will take effect. The primary objectives of the GDPR are to return control of “personal data” to EU citizens and residents and to simplify the regulatory environment for international business by unifying regulations within the EU.
Read more »
-
GDPR, Part VI: What Are the Roles of U.S. Regulators? Posted on: December 21, 2017 In: Data Privacy & Cybersecurity
When the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, the European Union (EU) will mark a sea change in how its member states will seek to protect and regulate the collection and use of EU citizens’ data. But as we have noted in our seven-part series analyzing the impact of Europe’s new data regulation and the hurdles that businesses will have to clear in order to comply with its provisions, the effects of the GDPR will not stop at the EU water’s edge.
Read more »
-
GDPR, Part V: Understanding the Fines and Penalties Provisions Posted on: November 28, 2017 In: Data Privacy & Cybersecurity
Non-compliance with the forthcoming General Data Protection Regulation (GDPR) can mean significant fines and administrative penalties for non-compliant data controllers and processors. The GDPR will go into effect on May 25, 2018, when the former Data Protection Directive 95/46/EC is repealed. While the former directive was binding on all EU member states, it left to the national authorities of each state the choice of “forms or methods” to achieve compliance with its intended results.
Read more »
-
GDPR, Part IV: The Data Subject Consent Provisions Posted on: November 21, 2017 In: Data Privacy & Cybersecurity
With the forthcoming General Data Protection Regulation (GDPR) set to change the cybersecurity landscape of data collection and storage in the European Union (EU), one of the most important areas that organizations processing or storing EU citizens' data will need to ensure they are complying with is the GDPR's consent guidelines.
Read more »
-
GDPR, Part III: The Data Protection Officer Requirement Posted on: November 13, 2017 In: Data Privacy & Cybersecurity
This seven-part series analyzes the ways in which the forthcoming General Data Protection Regulation (GDPR), effective May 25, 2018, will impact the regulatory landscape for entities doing business with or transacting in the data of European Union citizens. The first part of this series provided an overview of the history of pre-GDPR European data protection law. The second installment focused on the GDPR’s breach notification requirements.
Read more »
-
GDPR, Part II: Personal Data Breach Notification Requirements Posted on: November 01, 2017 In: Data Privacy & Cybersecurity
This seven-part series analyzes the ways in which the General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, will impact the regulatory landscape for entities doing business with, or transacting in the data of European Union citizens. The first part of the series provides an overview of the history of pre-GDPR European data protection law. Future installments will each address a discrete aspect of the GDPR itself.
Read more »