On February 29, 2016, the European Commission released the legal texts that will implement the EU-U.S. Privacy Shield, as well as a communication summarizing the actions taken over the last few years to “restore trust in transatlantic data flows since the 2013 surveillance revelations.”
The documents include a draft adequacy decision, the Privacy Shield principles that companies will have to abide by, as well as written commitments by the U.S. government, to be published in the U.S. Federal Register, on the enforcement of the arrangement, including assurance on the safeguards and limitations concerning access to data by public authorities. On March 2, 2016, Sidley and DataGuidance presented a live webinar to investigate the latest details of the agreement featuring Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on EU regulatory affairs, Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice, and Cameron Kerry, Senior Counsel and former General Counsel and Acting Secretary of the United States Department of Commerce.
On February 2, 2016, the European Commission announced that an agreement had been reached regarding a new framework for the transfer of data to the U.S.: the EU-U.S. Privacy Shield. According to Vice-President of the European Commission, Andrus Ansip, and Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, who made the announcement, the new arrangement reflects the requirements set out by the Court of Justice of the European Union in Maximillian Schrems v. Data Protection Commissioner (C-362-14), and is due to come into force within three months. On February 5, Sidley and DataGuidance presented a live webinar to investigate the new agreement featuring Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on EU regulatory affairs, and Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice.
In a milestone decision on transatlantic data protection, the Court of Justice of the European Union (CJEU) issued its judgment in the Schrems case, declaring the Commission decision on the EU-U.S. Safe Harbor agreement invalid. The CJEU declared that such a decision requires a finding that the level of protection of fundamental rights and freedoms in the laws and practices of the third country is “essentially equivalent” to that guaranteed within the EU. Given the CJEU’s decision, the Commission and data protection authorities are now called upon to examine the legal order in the U.S. and compare its level of protection to that within the EU.
This report provides a roadmap and resource for this comparison. Following the analysis laid out by the CJEU in Schrems, it shows how privacy values deeply embedded in U.S. law and practice have resulted in a system of protection of fundamental rights and freedoms that meets the test of essential equivalency.
*This post originally appeared in Law360 on January 7, 2016.
While 2015 was a big year in data, 2016 may prove to be even bigger. Many hot button and game changing topics are being debated in legislative bodies and campaign trails, regulators are focused, and privacy-related litigation continues to rise. Below, we count down the top ten cybersecurity, data protection and privacy issues to watch in 2016.
From the invalidation of Safe Harbor to agreements on the EU Regulation, from EU cybersecurity legislation to US cybersecurity legislation, from flexed and tested regulatory enforcement powers to multiple noteworthy cybersecurity guidance from regulators and other governmental entities, to changes in state laws, 2015 was an enormously eventful year in data protection and privacy. We invite you to browse our archives and use our tags to catch up on any of the hottest stories you may have missed.
As 2015 comes to a close, we wish all our readers a Happy New Year from Sidley’s Privacy, Data Security and Information Law practice, and may all your data be secure in 2016.
The second edition of The Privacy, Data Protection and Cybersecurity Law Review appears as the world is converging on more privacy laws that cover more areas of business and are subject to more enforcement. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication, including Alan Charles Raul, William RM Long, Geraldine Scali, Catherine M. Valerio Barrad, Yuet Ming Tham, Jillian Lee, Takahiro Nonaka, Tasha D. Manoranjan, and Vivek K. Mohan. For a closer look at this developing area of law, please visit http://www.sidley.com/the-privacy-data-protection-and-cybersecurity-law-review-11-2015.
Everyone is talking about the European Court of Justice’s landmark judgment that declared the EU-U.S. Safe Harbor invalid.
As a follow-up to our webinar on October 8, “What Safe Harbor’s Invalidation Means for Your Business” took place on October 20, 2015 through a partnership with Sidley Austin LLP and DataGuidance. The European Data Protection Supervisor, Giovanni Buttarelli, held a special Q&A session where he shared his invaluable perspective on how the CJEU’s recent judgment will impact the business landscape. Mr. Buttarelli was joined by Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on the EU regulatory affairs, and Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice.
The webinar “Safe Harbor Briefing: Your Questions Answered,” took place on October 8, 2015 at 4:30 pm BST through a partnership with Sidley Austin LLP and DataGuidance. Speakers for the briefing panel were Cameron Kerry, Senior Counsel, who as General Counsel of the U.S. Commerce Department led U.S. discussions with the EU on Safe Harbor, William Long, Partner, who advises on European privacy law and Maarten Meulenbelt, Partner, who advises on the EU regulatory affairs. Panelists discussed and answered attendees questions on the CJEU’s judgment, its impact on companies that have relied on Safe Harbor to transfer data, and what to do in response. See more: