The third edition of The Privacy, Data Protection and Cybersecurity Law Review appears as the world is converging on more privacy laws that cover more areas of business and are subject to more enforcement. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication.
Sidley is pleased to announce that Dean Forbes has joined the firm’s Privacy, Data Security and Information Law practice. Dean will advise clients on legal matters related to privacy, security, and personal data governance and use.
With the final Privacy Shield decision, the European Commission and United States Government have concluded several years of discussion and negotiation concerning the Safe Harbour framework and the new Privacy Shield. The effort and thought by negotiators, EU institutions, and stakeholders alike to reach this point reflect the importance of private life and data protection in EU society and the significance of data flows to transatlantic commerce and discourse. Sidley Senior Counsel Cam Kerry and Sidley Partner Maarten Meulenbelt discuss how the Privacy Shield meets the requirements of EU law and answer criticisms in Privacy Shield: Essentially Equivalent. For more, click here.
Globe Business Media Group has published a Lexology Navigator on Data Security and Cybercrime in the USA by Sidley Austin LLP. Colleen Brown, Ed McNicholas, Alan Raul and Anna Spencer contributed to the reference guide, which also lets you compare jurisdictions on various legal topics, such as data protection, from leading practitioners in the area.
Developments on the European data protection front continue at a fast pace. As the process of implementation of the now-final General Data Protection Regulation (GDPR) begins, the Article 29 Working Party (WP29) is announcing a workshop on implementation questions in Brussels in July. Meanwhile, uncertainty continues for trans-Atlantic data transfers as both the European Parliament and the European Data Protection Supervisor (EDPS) weigh in with views for negotiators on the EU-U.S. Privacy Shield, and the Irish Data Protection Commissioner (IDPC) announces the intention to initiate proceedings in the Irish High Court that may put before the Court of Justice of the European Union (CJEU) the validity of EU standard contractual clauses (or model contracts). (more…)
Senior legal, economic and privacy leadership from U.S. and European government joined Sidley partners and senior counsel as panel participants at the 2nd Annual Privacy and Cybersecurity Roundtable. An audience of more than 70 privacy professionals across financial, healthcare and technology industries heard from three panels that focused on the latest developments and prospective issues in cybersecurity, big data and EU privacy.
On February 29, 2016, the European Commission released the legal texts that will implement the EU-U.S. Privacy Shield, as well as a communication summarizing the actions taken over the last few years to “restore trust in transatlantic data flows since the 2013 surveillance revelations.”
The documents include a draft adequacy decision, the Privacy Shield principles that companies will have to abide by, as well as written commitments by the U.S. government, to be published in the U.S. Federal Register, on the enforcement of the arrangement, including assurance on the safeguards and limitations concerning access to data by public authorities. On March 2, 2016, Sidley and DataGuidance presented a live webinar to investigate the latest details of the agreement featuring Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on EU regulatory affairs, Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice, and Cameron Kerry, Senior Counsel and former General Counsel and Acting Secretary of the United States Department of Commerce.
On February 2, 2016, the European Commission announced that an agreement had been reached regarding a new framework for the transfer of data to the U.S.: the EU-U.S. Privacy Shield. According to Vice-President of the European Commission, Andrus Ansip, and Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, who made the announcement, the new arrangement reflects the requirements set out by the Court of Justice of the European Union in Maximillian Schrems v. Data Protection Commissioner (C-362-14), and is due to come into force within three months. On February 5, Sidley and DataGuidance presented a live webinar to investigate the new agreement featuring Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on EU regulatory affairs, and Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice.
In a milestone decision on transatlantic data protection, the Court of Justice of the European Union (CJEU) issued its judgment in the Schrems case, declaring the Commission decision on the EU-U.S. Safe Harbor agreement invalid. The CJEU declared that such a decision requires a finding that the level of protection of fundamental rights and freedoms in the laws and practices of the third country is “essentially equivalent” to that guaranteed within the EU. Given the CJEU’s decision, the Commission and data protection authorities are now called upon to examine the legal order in the U.S. and compare its level of protection to that within the EU.
This report provides a roadmap and resource for this comparison. Following the analysis laid out by the CJEU in Schrems, it shows how privacy values deeply embedded in U.S. law and practice have resulted in a system of protection of fundamental rights and freedoms that meets the test of essential equivalency.
*This post originally appeared in Law360 on January 7, 2016.
While 2015 was a big year in data, 2016 may prove to be even bigger. Many hot button and game changing topics are being debated in legislative bodies and campaign trails, regulators are focused, and privacy-related litigation continues to rise. Below, we count down the top ten cybersecurity, data protection and privacy issues to watch in 2016.