fbpx

Download free GDPR compliance checklist!

Tag Archives for " Privacy Shield "

Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows

On December 9, 2020, the Senate Committee on Commerce, Science and Transportation held a hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows.

The hearing explored the policy issues that led to the Court of Justice of the European Union’s (CJEU) invalidation of the Privacy Shield framework in the Schrems II ruling. The hearing also discussed effects of the CJEU’s decision on U.S. businesses and what steps the U.S. government may take to develop a successor data transfer framework, including comprehensive federal privacy legislation.

Source: Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows | Privacy & Information Security Law Blog

New EU-U.S. data transfer pact not any time soon

Companies hoping the EU and the new U.S. administration will soon strike a new transatlantic data transfer pact to replace one struck down by a court will probably have to wait months for any result, the head of the EU privacy watchdog said on Friday.

“I don’t expect a new solution instead of Privacy Shield in the space of weeks, and probably not even months, and so we have to be ready that the system without a Privacy Shield like solution will last for a while,” told  European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski.

Source: New EU-U.S. data transfer pact? Not any time soon, says EU privacy watchdog | Reuters

EU-US data transfer clarity may take several months, warns head of EDPS

European Data Protection Supervisor (EDPS) Wojciech Wiewiorowski says he does not expect a new solution to the Privacy Shield problem for several months, as the Biden administration grapples with other priority issues.

The head of the EDPS told Reuters said he is doubtful that EU businesses will receive clarity in the coming weeks and months over the uncertainty around EU-US data transfers.

Source: EU-US data transfer clarity may take several months, warns head of EDPB

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

The European Data Protection Board (EDPB) has issued guidance that calls into question recommendations to cloud services providers in responding to the Schrems II ruling, which struck down the Privacy Shield arrangement for moving data from the EU to the US.

The EDPB, which is responsible for European data protection law, said encryption could safeguard against contravening the ruling, but only when keys remain within the EU or trusted third countries.

Full article: European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices • The Register

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), the European Data Protection Board (EDPB) on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

The EDPB on November 11 issued two sets of recommendations. The first set of recommendations covers the assessment and supplementary measures data exporters may need to adopt to ensure compliance with the EU level of personal data protection (“Supplementary Measures Recommendations”). The second set of recommendations lays down the elements to be used to examine whether surveillance measures allowing access to personal data by public authorities in a third country can be regarded as a justifiable interference with the level of data protection guaranteed in principle by the EU (“European Essential Guarantees Recommendations”).

These recommendations are applicable immediately but are open for public consultation until November 30.

Source: European Data Protection Board Issues Schrems II Recommendations

Privacy Shield Is Gone. So What Now?

With companies no longer able to rely on Privacy Shield for protection, companies have two main options available to them: to localize data storage and/or to strengthen their SCCs.

Other options include strong encryption, use of federated data and differential privacy.

The revocation of Privacy Shield does not have to result in a security vacuum. On the contrary, a secure data solution can protect a company from even the most stringent regulations.

Full article: Privacy Shield Is Gone. So What Now? – CPO Magazine

Data Protection Commission hit with massive legal bill after Facebook privacy case

Austrian privacy activist Max Schrems said: “The Irish taxpayer now has to pick up parts of the bill.”

The Data Protection Commission must pay the legal costs of Austrian privacy activist Max Schrems regarding a landmark EU ruling concerning Facebook, with the final bill likely to total in excess of €2m.

Such a bill would amount to in excess of 10% of the DPC’s entire annual budget.

Source: Data Protection Commission hit with massive legal bill after Facebook privacy case

EU data transfer laws might destroy Transatlantic commerce

Data privacy decisions from Europe this summer may have a large impact Transatlantic commerce.

In fact, if the U.S. and the EU don’t find a way to overcome the sudden hurdles placed in front of Transatlantic commerce, billions of dollars in trade are in jeopardy. Whether Congress takes the easy way, or trade representatives and courts are compelled to take the hard way, the cost of not seeking a resolution to this uncertainty is enormous.

Full article: EU data transfer laws might destroy Transatlantic commerce | TheHill

Schrems gets a judicial review of the Irish DPC’s procedure

European privacy campaigner Max Schrems has been granted a judicial review of the Irish regulator’s handling of his complaint.

He’s expecting the hearing to take place before the end of the year — and is hoping the action will, at long last, lead to a suspension of Facebook’s EU-US data transfers.

Schrems says his aim is to “kick start a ‘paused’ complaints procedure’” after Ireland’s Data Protection Commission (DPC) chose to open a new case procedure last month — simultaneously pausing its handling of his original complaint, which dates back some seven years at this point.

Source: Facebook EU-US data transfer complaint: Schrems gets a judicial review of the Irish DPC’s procedure | TechCrunch

German lawsuit accuses Amazon of breaking EU privacy law

Amazon faces a lawsuit in Germany over claims it has continued to transfer data to the United States using an invalidated transfer mechanism known as Privacy Shield.

The move comes after the EU’s top court struck down Privacy Shield in July over fears of U.S. snooping, throwing billions of euros in transatlantic digital trade into a legal limbo.

According to the lawsuit, which is due to be filed in a Munich court on Friday, Amazon continues to use Privacy Shield as a legal basis to send data to the U.S. in violation of the July ruling.

Source: German lawsuit accuses Amazon of breaking EU privacy law – POLITICO

1 2 3 10
>