fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " Privacy Shield "

CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

On July 9 the Court of justice of European Union had its session in so called Schrems II case. The question is; whether U.S. law on the access of national security agencies to the personal data of non nationals, the Foreign Intelligence Service Act, breaks European data protection laws. And if so, does that invalidate currently legal data transfer mechanisms?

Court heard from the Irish Data Protection Commissioner, Facebook, the Electronic Privacy Information Center, DigitalEurope, the Business Software Alliance, the European Commission, the European Data Protection Board, the U.S. government as well as several EU countries and representatives of Max Schrems himself.

The EU court’s Advocate General Henrik Saugmandsgaard Øe said he will give his non-binding opinion in the case December 12 this year, with a full decision expected by early 2020.

Source: CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

On July 9th, Europe’s highest court – the Court of Justice of the European Union (CJEU) – is set to hear a case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA.

There is a significant risk the CJEU will declare these transfer mechanisms as invalid. If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Read full article: SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

Privacy Shield Ombudsperson Confirmed by US Senate

On June 20, 2019, Keith Krach was confirmed by the U.S. Senate to become the Trump administration’s first permanent Privacy Shield Ombudsperson at the State Department.

The role of the Privacy Shield Ombudsperson is to act as an additional redress avenue for all EU data subjects whose data is transferred from the EU or Switzerland to the U.S. under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework, respectively.

Source: Privacy Shield Ombudsperson Confirmed by the Senate

FTC Takes Action Against Companies Misrepresenting Compliance with the EU-U.S. Privacy Shield 

The Federal Trade Commission announced that it has taken action against a number of companies that allegedly misrepresented their compliance with the EU-U.S., as well as Swiss-U.S. Privacy Shield frameworks and other international privacy agreements.

FTC and SecurTest, Inc. reached a settlement agreement over allegations that SecurTest falsely claimed to participate in the Privacy Shield. The FTC also reported that it sent warning letters to 13 companies for claiming to participate in the U.S.-EU and U.S.-Swiss Safe Harbor frameworks and to two companies for falsely claiming to participate in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system.

Source: FTC Takes Action Against Companies Misrepresenting Compliance with the EU-U.S. Privacy Shield and Other International Privacy Agreements

Privacy Shield and Standard Contractual Clauses will be assessed by European Courts

On the first and second of the July, the General Court of the European Union (which is part of the Court of Justice of the European Union (CJEU)) will hear a case against the EU-U.S. Privacy Shield brought by three French NGOs, La Quadrature du Net, French Data Network and Fédération FDN.

A week later, on 9 July, the CJEU will hear arguments in Schrems II, in which the Irish High Court has referred 11 questions relating to whether the European Commission’s Standard Contractual Clauses (SCCs) provide an adequate level of protection for personal data which is transferred to the US.

Judgments in these cases are expected towards the end of 2019 or beginning of 2020. there is high probability that either or both the Privacy Shield and SCCs will be invalidated as a mechanism for transferring personal data outside the EU, in a similar manner to the invalidation of Safe Harbor in 2015.

Source: Transfers on Trial: Privacy Shield and Standard Contractual Clauses go before the European Courts

Privacy Shield complaint to be heard by Europe’s top court in July

A legal challenge to the EU-US Privacy Shield, a mechanism used by thousands of companies to authorize data transfers from the European Union to the US, will be heard by Europe’s top court this summer.

The General Court of the EU has set a date of July 1 and 2 to hear the complaint brought by French digital rights group, La Quadrature du Net, against the European Commission’s renegotiated data transfer agreement which argues the arrangement is still incompatible with EU law on account of US government mass surveillance practices.

Source: EU-US Privacy Shield complaint to be heard by Europe’s top court in July

Supreme Court dismisses Facebook appeal over transfer of user personal data to the US

Ireland’s Supreme Court has dismissed Facebook’s appeal over a High Court decision to refer key issues concerning the validity of European Commission decisions approving EU-US data transfer channels to the Court of Justice of the EU.

The referral was made by the High Court in proceedings by the Data Protection Commissioner (DPC) arising from complaints by Austrian lawyer Max Schrems the transfer of his personal data by Facebook to the US breached his data privacy rights as an EU citizen.

Source: Supreme Court dismisses Facebook appeal over transfer of user personal data to the US – Independent.ie

EU Data Protection Board not happy with EU-US Privacy Shield second review

On December 19, the EU Commission released its report on the second review of the EU-US Privacy Shield arrangement, the mechanism that allows for the transfer of data between the EU and the US. Overall, the Commission fins that the US authorities has taken steps to improve the functioning of the framework.

On January 24, the EU Data Protection Board gathering all EU data protection authorities announced that due to substantial shortcomings, the EU-US Privacy Shield risk could be struck down by the European Court of Justice later this year.

Source: EU-US Privacy Shield second review: “it’s mostly fine” says the Commission, “not really” replies the EU Data Protection Board

Department of Commerce Updates Privacy Shield FAQs to Clarify Applicability to UK Personal Data

On December 20, 2018, the Department of Commerce updated its frequently asked questions on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to clarify the effect of the UK’s planned withdrawal from the EU on March 29, 2019.

The FAQs provide information on the steps Privacy Shield participants must take to receive personal data from the UK in reliance on the Privacy Shield after such time.

Source: Department of Commerce Updates Privacy Shield FAQs to Clarify Applicability to UK Personal Data | Privacy & Information Security Law Blog

1 2 3 7
>