Category

Litigation

04 November 2015

EU Commissioner Jourová encourages further progress amidst Safe Harbor fall out

The 37th Annual International Conference of Privacy Commissioners in Amsterdam last week was long planned around the proposals of the transatlantic Privacy Bridges Project for a series of concrete steps to bring the U.S. and EU closer together on privacy.  But, with the CJEU’s Schrems decision blowing up the Safe Harbor bridge not long before the conference, there were many references to Safe Harbor as “the elephant in the room.”  Perhaps aptly, the logo chosen for conference was a drawbridge.

(more…)

EmailShare
25 October 2015

Safeguards and Oversight of U.S. Surveillance Under Section 702

In Schrems v. Data Protection Commissioner, the Court of Justice of the European Union invalidated the US-EU Safe Harbor agreement on the basis that the European Commission had failed to sufficiently assess the protection of personal data of Europeans under the U.S. data protection regime. The Court alluded to U.S. surveillance activities under the PRISM program authorized by Section 702 of the Foreign Intelligence Surveillance Act, and appeared to assume U.S. law permits mass surveillance of Europeans with few limits, little clarity, and no opportunity for redress. However, the Court did not actually review or assess the applicable legal authorities, remedies, or array of checks and balances, safeguards, and independent oversight.  If it had done so, it would have found numerous overlapping controls that assure that such surveillance is neither massive nor indiscriminate, but instead targeted to specific individuals and limited purposes, and provides legal remedies for Europeans. Indeed, prior to the scheduled expiration of the 702 program in 2017, U.S. congressional oversight committees will likely be comparing whether privacy safeguards in place for similar foreign programs are as effective as those of Section 702.

Significantly, the independent Privacy and Civil Liberties Oversight Board reviewed surveillance under Section 702 and found: “[T]the Section 702 program is not based on the indiscriminate collection of information in bulk. Instead the program consists entirely of targeting specific [non-U.S.] persons about whom an individualized determination has been made.” Key safeguards and controls include…

(MORE…)

EmailShare
23 October 2015

Safe Harbor Data Privacy Briefing: Your Questions Answered by Giovanni Buttarelli

Everyone is talking about the European Court of Justice’s landmark judgment that declared the EU-U.S. Safe Harbor invalid.

As a follow-up to our webinar on October 8, “What Safe Harbor’s Invalidation Means for Your Business” took place on October 20, 2015 through a partnership with Sidley Austin LLP and DataGuidance. The European Data Protection Supervisor, Giovanni Buttarelli, held a special Q&A session where he shared his invaluable perspective on how the CJEU’s recent judgment will impact the business landscape. Mr. Buttarelli was joined by Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on the EU regulatory affairs, and Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice.

EmailShare
09 October 2015

Safe Harbor: Your Questions Answered

The webinar “Safe Harbor Briefing: Your Questions Answered,” took place on October 8, 2015 at 4:30 pm BST through a partnership with Sidley Austin LLP and DataGuidance. Speakers for the briefing panel were Cameron Kerry, Senior Counsel, who as General Counsel of the U.S. Commerce Department led U.S. discussions with the EU on Safe Harbor, William Long, Partner, who advises on European privacy law and Maarten Meulenbelt, Partner, who advises on the EU regulatory affairs. Panelists discussed and answered attendees questions on the CJEU’s judgment, its impact on companies that have relied on Safe Harbor to transfer data, and what to do in response. See more:

EmailShare
08 October 2015

The U.S. Government Largely Has Itself to Blame for the EU Court’s Safe Harbor Decision

Originally posted by the Council on Foreign Relations Net Politics Blog on October 8, 2015.

In a decision Tuesday that was as shocking as it was predictable, the Court of Justice of the European Union (CJEU) invalidated the U.S.-EU Safe Harbor for westward bound international transfers of personal data. The companies whose information flows to the United States will be impeded by the EU decision need to look to the U.S. government and not just the EU for letting this mess happen.

The case stems from a complaint Max Schrems filed with the Irish Data Protection Authority about the privacy risks of using Facebook. He was concerned that electronic communications transferred to the United States would end up in the hands of the NSA’s PRISM program. PRISM involves the NSA’s use of a provision in the Foreign Intelligence Surveillance Act, section 702, that allows it to target non-U.S. persons located outside the United States for foreign intelligence purposes. This section only applies to collections from electronic communication service providers located in the United States.

EmailShare
06 October 2015

Safe Harbor Declared Invalid by European Court of Justice

Today the European Court of Justice (“ECJ”) issued its judgment in the Max Schrems case in which it declared the European Commission’s decision on Safe Harbor as invalid. The Commission’s decision in 2000 found that companies participating in the US Department of Commerce Safe Harbor framework were operating under an “adequate” data protection regime and could thus rely on the Safe Harbor as a permissible basis to transfer personal information from the EU to the US.  The judgment comes less than two weeks after the publication of the opinion from Advocate General Bot in which he advised that national Data Protection Authorities (“DPAs”) must be able to investigate an individual request to suspend data flows to the US by a company certified under the Safe Harbor scheme, and in which he also found the Safe Harbor scheme to be invalid.

(more…)

EmailShare
24 September 2015

Opinion by ECJ Advocate General Finds Safe Harbor Invalid

In a seismic recommendation, Advocate General Yves Bot at the European Court of Justice (ECJ) issued his opinion in the closely watched Max Schrems case challenging the U.S.-EU Safe Harbor Agreement and has found Safe Harbor to be invalid. The opinion is not legally binding on the ECJ, although the Court most often follows the opinions of the Advocate General. The Advocate General recommendation makes the status of the existing Safe Harbor agreement even more uncertain, but acknowledges negotiations between the European Commission and the U.S. for an updated agreement and may leave room for a different result if such an agreement addresses concerns in the opinion about U.S. bulk surveillance.

(more…)

EmailShare
26 August 2015

Third Circuit Affirms FTC Authority to Regulate Cybersecurity

On Monday, the U.S. Court of Appeals for the Third Circuit issued its much-anticipated decision in Federal Trade Commission v. Wyndham Worldwide Corp., No. 14-3514 (3d Cir. Aug. 24, 2015), holding that the Federal Trade Commission has the authority to bring an action under Section 5 of the FTC Act for allegedly “unfair” cybersecurity practices.

(more…)

EmailShare
24 July 2015

FCC Issues Far-Reaching TCPA Declaratory Ruling

An already active TCPA class action bar is sure to become even more active after a significant Declaratory Ruling and Order from the FCC that, among other points, broadened what technologies may be considered autodialers, gave further strength to class actions based on reassigned cell numbers, and muddied the waters for constructing compliance mechanisms to support consumer revocation of consent.

On July 10, 2015, the Federal Communications Commission issued a declaratory ruling to resolve various concerns raised by 21 petitions regarding the Commission’s implementation of the Telephone Consumer Protection Act, which carries a $500 penalty for each call or text in violation.

(more…)

EmailShare
XSLT Plugin by BMI Calculator