Amid news of Brexit, UK ICO seeks to provide reassurance
As the world began to grapple with the implications of the UK’s vote to withdraw from the European Union, or “Brexit,” the UK Information Commissioner has sought to provide reassurance, issuing a statement reinforcing continuity of data protection principles and a commitment to the digital economy.
German Privacy Regulator issues first fines for inadmissible transfers of data to the U.S.
On 6 June 2016, the Hamburg Data Protection Commissioner issued fines against three international companies for failing to implement alternative data transfer mechanisms following the invalidation of Safe Harbor in October 2015.
Privacy Shield and the General Data Protection Regulation: More Key Developments
Developments on the European data protection front continue at a fast pace. As the process of implementation of the now-final General Data Protection Regulation (GDPR) begins, the Article 29 Working Party (WP29) is announcing a workshop on implementation questions in Brussels in July. Meanwhile, uncertainty continues for trans-Atlantic data transfers as both the European Parliament and the European Data Protection Supervisor (EDPS) weigh in with views for negotiators on the EU-U.S. Privacy Shield, and the Irish Data Protection Commissioner (IDPC) announces the intention to initiate proceedings in the Irish High Court that may put before the Court of Justice of the European Union (CJEU) the validity of EU standard contractual clauses (or model contracts). (more…)
Sidley’s 2nd Annual Privacy and Cybersecurity Roundtable Provides Cross-Industry Insights from Senior Government Officials
Senior legal, economic and privacy leadership from U.S. and European government joined Sidley partners and senior counsel as panel participants at the 2nd Annual Privacy and Cybersecurity Roundtable. An audience of more than 70 privacy professionals across financial, healthcare and technology industries heard from three panels that focused on the latest developments and prospective issues in cybersecurity, big data and EU privacy.
Article 29 Working Party Releases Its Wish List for the EU-U.S. Privacy Shield
On April 13, the Article 29 Working Party announced that it had completed its assessment of the EU-U.S. Privacy Shield documentation. The announcement was followed by the release of a 58-page Opinion on the European Commission’s draft adequacy decision on the Privacy Shield.
Leaked Extracts on Working Party Opinion Indicate Approval of Privacy Shield May Not Be Imminent
Today, alleged extracts from the impending Article 29 Working Party Opinion on the adequacy of the Privacy Shield were leaked. These extracts indicate that a number of clarifications on the Privacy Shield documents will be required before the Working Party can confirm that the Privacy Shield, in its view, ensures a level of protection that is essentially equivalent to that in the EU. The full opinion is due to be published on Wednesday 13 April, and will form part of the package for consideration by the European Commission.
The EU-U.S. Privacy Shield Is a Victory for Common Sense and Transatlantic Good Will
*This post originally appeared in the Council on Foreign Relations’ Net Politics Blog on March 1, 2016.
When the Court of Justice of the European Union (CJEU) struck down Safe Harbor last year, it did so on the basis that the European Commission had not determined whether European data transferred to the United States enjoyed the same protections as in the European Union. Despite the fact a recent Sidley Austin report found that many U.S. privacy protections are essentially equivalent—if not stronger—than the European Union’s in national security matters and comparable in other areas, the Commission clearly needed to replace Safe Harbor with something else to satisfy the CJEU and domestic privacy activists.
European commission Publishes Privacy Shield Documents – Webinar Recording
On February 29, 2016, the European Commission released the legal texts that will implement the EU-U.S. Privacy Shield, as well as a communication summarizing the actions taken over the last few years to “restore trust in transatlantic data flows since the 2013 surveillance revelations.”
The documents include a draft adequacy decision, the Privacy Shield principles that companies will have to abide by, as well as written commitments by the U.S. government, to be published in the U.S. Federal Register, on the enforcement of the arrangement, including assurance on the safeguards and limitations concerning access to data by public authorities. On March 2, 2016, Sidley and DataGuidance presented a live webinar to investigate the latest details of the agreement featuring Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on EU regulatory affairs, Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice, and Cameron Kerry, Senior Counsel and former General Counsel and Acting Secretary of the United States Department of Commerce.
Privacy Shield_ More Details Released from Cecile Park Conferences on Vimeo.
Details of the EU-U.S. Privacy Shield Are Published
The much-anticipated documentation for the EU-U.S. Privacy Shield, a new framework on transatlantic data flows, was published by the European Commission on February 29, 2016. The framework now will undergo a process of review and approval, including by the EU’s Article 29 Working Party, which is due to finish its review by the end of March 2016. If approved, it will take effect after an implementation period, during which all companies that wish to use the Privacy Shield as a basis for data transfers will have to certify in accordance with the new framework.
EU-U.S. Privacy Shield | What Next? – Webinar Recording
On February 2, 2016, the European Commission announced that an agreement had been reached regarding a new framework for the transfer of data to the U.S.: the EU-U.S. Privacy Shield. According to Vice-President of the European Commission, Andrus Ansip, and Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, who made the announcement, the new arrangement reflects the requirements set out by the Court of Justice of the European Union in Maximillian Schrems v. Data Protection Commissioner (C-362-14), and is due to come into force within three months. On February 5, Sidley and DataGuidance presented a live webinar to investigate the new agreement featuring Sidley partners William Long, who advises on European privacy law, Maarten Meulenbelt, who advises on EU regulatory affairs, and Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice.