Article 29 Working Party Issues Statement on EU-U.S. Privacy Shield and Other Data Transfer Mechanisms

On February 3, 2016, the Article 29 Working Party (the “Working Party”) issued a statement on the consequences of the ruling of the Court of Justice of the European Union (the “CJEU”) in the Schrems case invalidating the European Commission’s Safe Harbor Decision.

Continue Reading

Plaintiffs Survive Motion to Dismiss in Remanded Data Breach Litigation

A federal judge of the U.S. District Court for the Northern District of Illinois denied Neiman Marcus’ motion to dismiss in Remijas et al. v. Neiman Marcus Group, LLC, 1:14-cv-01735.  As we previously reported, the Seventh Circuit reversed Judge James B. Zagel’s earlier decision dismissing the class action complaint based on Article III standing. At that time the Seventh Circuit declined to analyze dismissal under Federal Rule of Civil Procedure 12(b)(6) due to, among other reasons, the district court’s focus on standing.

Continue Reading

New Deal Between EU and U.S. Reached Regarding Transatlantic Data Transfers

On February 2, 2016, a new EU-U.S. transatlantic data transfer agreement was reached. Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, presented the new agreement to the European Commission (the “Commission”) today. According to the Commission’s press release, the new agreement will be called the EU-U.S. Privacy Shield.

Continue Reading

Safe Harbor Deal Between EU and U.S. Not Yet Reached as Negotiations Continue

On February 1, 2016, Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, told the European Parliament that an agreement on a new U.S.-EU Safe Harbor agreement has not yet been reached. Jourová indicated that an agreement is close, but additional work is needed to finalize it.

Continue Reading

CIPL Holds Safe Harbor “Essential Equivalence” Roundtable with Top European Voices

On January 28, 2016, the Centre for Information Policy Leadership (“CIPL”) held a special roundtable at Hunton & Williams’ Brussels office to examine the “essential equivalence” requirement for protection of data transfers to non-EU countries set by the Court of Justice of the European Union’s (“CJEU’s”) Schrems decision. The roundtable brought together leading lawyers, corporate privacy officers, legal experts, regulators and policymakers to discuss the critical issues and impact of the new “essential equivalence” requirement for global data transfers set by the CJEU, and its relevance to the current EU-U.S. negotiations of a new Safe Harbor agreement.

Continue Reading

Senate Judiciary Committee Passes Amended Judicial Redress Act

On January 28, 2016, the Senate Judiciary Committee passed the Judicial Redress Act (the “Act”), which would give EU citizens the right to sue over certain data privacy issues in the U.S. The Act passed after an amendment was approved which would condition EU citizens’ right to sue on EU Member States (1) allowing companies to transfer personal data to the U.S. for commercial purposes and (2) having personal data transfer policies which do not materially impede the national security interests of the U.S. The vote was initially set to take place on January 21, 2016, but was delayed.

Continue Reading

New Safe Harbor Deal Between EU and U.S. May Be Imminent

According to Bloomberg BNA, Paul F. Nemitz, Director for Fundamental Rights and Union Citizenship at the Directorate-General Justice of the European Commission, said at a privacy conference that he hoped a new U.S.-EU Safe Harbor agreement would be reached by the evening of Monday, February 1, 2016.

Continue Reading

Russian Data Protection Authority Releases 2016 Audit Plan for Localization Law

On January 13, 2016, the Russian Data Protection Authority (Roscommandzor) released its plan for audits this year to assess compliance with Russia’s data localization law, which became effective on September 1, 2015. The localization law requires companies to store the personal data of Russians in databases located in Russia. The audit plan indicates that the Roscommandzor will audit large, multinational companies doing business in numerous jurisdictions and processing the personal data of Russian citizens.

Israel Postpones Possibility of Any U.S.-EU Safe Harbor Enforcement

On January 21, 2016, the Israeli Law, Information and Technology Authority (“ILITA”) announced that it would postpone for the time being any review or enforcement actions on data transfers from Israel to the United States that are based on the U.S.-EU Safe Harbor framework.

Continue Reading

Senate Vote on Judicial Redress Act Delayed

On January 21, 2016, a Senate Judiciary Committee vote on the Judicial Redress Act, which would give EU citizens the right to sue over certain data privacy issues in the U.S., has reportedly been postponed. As reported by Forbes, the vote may have been delayed due to amendments to the fifth paragraph of the bill, which deals with litigation pursuant to the act. The vote was initially scheduled for today.

Continue Reading

LexBlog