EU Commissioner Jourová encourages further progress amidst Safe Harbor fall out (Jeremy Peterson, 2015-11-04 08:43:17)
Europe Needlessly Endangers Its U.S. Digital Links (Jeremy Peterson, 2015-10-27 11:19:03)
Safeguards and Oversight of U.S. Surveillance Under Section 702 (Jeremy Peterson, 2015-10-25 17:31:26)
NAIC Task Force Adopts Cybersecurity “Bill of Rights” for Insurance Consumers (Jeremy Peterson, 2015-10-23 12:34:26)
Safe Harbor Data Privacy Briefing: Your Questions Answered by Giovanni Buttarelli (Jeremy Peterson, 2015-10-23 10:22:34)
European Data Protection Authorities Give Companies Three Months to Assess New International Data Transfer Solutions and Call “Urgently” for Safe Harbor 2.0 – Model Contracts and Binding Corporate Rules Remain Viable (Cameron F. Kerry, 2015-10-16 13:57:24, 2022-10-16 16:35:13)
OCR Launches HIPAA Portal for Mobile Health Developers (Meenakshi Datta, 2015-10-14 11:42:10, 2022-10-19 13:18:09)
EU Commissioner Jourová encourages further progress amidst Safe Harbor fall out
The 37th Annual International Conference of Privacy Commissioners in Amsterdam last week was long planned around the proposals of the transatlantic Privacy Bridges Project for a series of concrete steps to bring the U.S. and EU closer together on privacy. But, with the CJEU’s Schrems decision blowing up the Safe Harbor bridge not long before the conference, there were many references to Safe Harbor as “the elephant in the room.” Perhaps aptly, the logo chosen for the conference was a drawbridge.
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Edward R. McNicholas
emcnicholas@sidley.com
Cameron F. Kerry
ckerry@sidley.com
Europe Needlessly Endangers Its U.S. Digital Links
This piece originally appeared in the Wall Street Journal on October 25, 2015.
As the world’s privacy commissioners gather Monday in Amsterdam for their annual conference, they face a data-flow dilemma that is roiling international commerce. The predicament is the result of a ruling by the Court of Justice of the European Union and the United States that facilitates the trans-Atlantic flow of digital information …
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Safeguards and Oversight of U.S. Surveillance Under Section 702
In Schrems v. Data Protection Commissioner, the Court of Justice of the European Union invalidated the US-EU Safe Harbor agreement on the basis that the European Commission had failed to sufficiently assess the protection of personal data of Europeans under the U.S. data protection regime. The Court alluded to U.S. surveillance activities under the PRISM program authorized by Section 702 of the Foreign Intelligence Surveillance Act, and appeared to assume U.S. law permits mass surveillance of Europeans with few limits, little clarity, and no opportunity for redress. However, the Court did not actually review or assess the applicable legal authorities, remedies, or array of checks and balances, safeguards, and independent oversight. If it had done so, it would have found numerous overlapping controls that assure that such surveillance is neither massive nor indiscriminate, but instead targeted to specific individuals and limited purposes, and provides legal remedies for Europeans. Indeed, prior to the scheduled expiration of the 702 program in 2017, U.S. congressional oversight committees will likely be comparing whether privacy safeguards in place for similar foreign programs are as effective as those of Section 702.
Significantly, the independent Privacy and Civil Liberties Oversight Board reviewed surveillance under Section 702 and found: “[T]he Section 702 program is not based on the indiscriminate collection of information in bulk. Instead the program consists entirely of targeting specific [non-U.S.] persons about whom an individualized determination has been made.” Key safeguards and controls include…
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Cameron F. Kerry
ckerry@sidley.com
NAIC Task Force Adopts Cybersecurity “Bill of Rights” for Insurance Consumers
On October 14, 2015, the Cybersecurity Task Force of the National Association of Insurance Commissioners (NAIC) adopted a cybersecurity “Bill of Rights” that proposes certain rights for insurance consumers relating to the protection of their personal information by insurance companies, insurance producers and other entities regulated by state insurance departments. The Bill of Rights also outlines specific notices, information and actions that consumers should expect from such entities, particularly in the event of a data breach. This Bill of Rights, if adopted by NAIC’s Executive/Plenary Committees, could ultimately be incorporated in NAIC Model Acts and Regulations, and could be adopted by insurance companies on their own initiative.
Charlene McHugh
cmchugh@sidley.com
Kirk D. Lipsey
New York
klipsey@sidley.com
Clayton G. Northouse
cnorthouse@sidley.com
Edward R. McNicholas
emcnicholas@sidley.com
Andrew R. Holland
New York
aholland@sidley.com
Safe Harbor Data Privacy Briefing: Your Questions Answered by Giovanni Buttarelli
Everyone is talking about the European Court of Justice’s landmark judgment that declared the EU-U.S. Safe Harbor invalid.
As a follow-up to our webinar on October 8, “What Safe Harbor’s Invalidation Means for Your Business” took place on October 20, 2015, through a partnership with Sidley Austin LLP and DataGuidance. The European Data Protection Supervisor, Giovanni Buttarelli, held a special Q&A session where he shared his invaluable perspective on how the CJEU’s recent judgment will impact the business landscape. Mr. Buttarelli was joined by Sidley partners William Long, who advises on European privacy law; Maarten Meulenbelt, who advises on EU regulatory affairs; and Alan Charles Raul, co-leader and founder of Sidley’s Privacy, Data Security and Information Law practice.
Data Matters Contributors
sidleyprivacyblog@sidley.com
Call My Bluff
This post originally appeared in the Kluwer Competition Law Blog on October 20, 2015.
The European Commission (or to be more precise, and to point the finger in the right direction, DG Competition) has sweeping powers of investigation in cases of suspected infringement. Indeed, it has even sought and obtained powers that it then seems reluctant to use, such as the right to enter private homes in search of evidence. We still wait in eager anticipation to see how it manages the first such intrusion into a domestic scene. In addition, it can call on the assistance of national authorities, some of whom have powers to go even further, including bugging phones.
Why, then, does it on occasion pretend, or at least imply, to have powers that it does not possess?
Stephen Kinsella
skinsella@sidley.com
European Data Protection Authorities Give Companies Three Months to Assess New International Data Transfer Solutions and Call “Urgently” for Safe Harbor 2.0 – Model Contracts and Binding Corporate Rules Remain Viable
The Article 29 Working Party, which includes representatives from all EU Data Protection Authorities, released its much-awaited guidance on the judgment by the European Court of Justice declaring the European Commission’s decision on the Safe Harbor to be invalid. Described as “a collective and common position on the judgment,” the “first consequences to be drawn at European and national level” are as follows:
Cameron F. Kerry
ckerry@sidley.com
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
OCR Launches HIPAA Portal for Mobile Health Developers
On Monday, October 5, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released an online platform for mobile health developers and others interested in the intersection of information technology and health information privacy and security. Interested parties can submit questions and comments on issues related to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Meenakshi Datta
Chicago
mdatta@sidley.com
Anna Spencer
aspencer@sidley.com
Rina Mady
Chicago
rmady@sidley.com