On September 7, 2020, the European Data Protection Board released draft Guidelines 07/2020 on the concepts of controller and processor in the EU General Data Protection Regulation. We provide a summary of the key takeaways from the guidelines.
Continue Reading EDPB Publishes Guidelines on the Concepts of Controller and Processor in the GDPR
Court of Justice of the European Union
Swiss-U.S. Privacy Shield No Longer Considered Adequate by Swiss DPA
Posted on
Posted in Information Security, International
On September 8, 2020, the Swiss Data Protection Authority announced in a position statement that it no longer considers the Swiss-U.S. Privacy Shield adequate for the purposes of transfers of personal data from Switzerland to the United States.…
Continue Reading Swiss-U.S. Privacy Shield No Longer Considered Adequate by Swiss DPA
EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision
Posted on
Posted in European Union, International
On September 4, 2020, the European Data Protection Board announced that it established two taskforces following the judgment of the CJEU in the Schrems II case. …
Continue Reading EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision
European Parliament Meeting on Future of EU-U.S. Data Flows
Posted on
On September 3, 2020, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament held a meeting to discuss the future of EU-U.S. data flows following the Schrems II judgment of the Court of Justice of the European Union.…
Continue Reading European Parliament Meeting on Future of EU-U.S. Data Flows
Department of Commerce Publishes FAQs Regarding Impact of Schrems II Decision
Posted on
The U.S. Department of Commerce has issued two new sets of FAQs in light of the CJEU’s recent decision to invalidate the EU-U.S. Privacy Shield in Schrems II. …
Continue Reading Department of Commerce Publishes FAQs Regarding Impact of Schrems II Decision
Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
Posted on
Posted in European Union, International
On July 28, 2020, German supervisory authorities issued a statement reiterating the requirement for additional safeguards when organizations rely on Standard Contractual Clauses or Binding Corporate Rules for the transfer of personal data to third countries in the wake of the Court of Justice of the European Union’s invalidation of the Privacy Shield Framework.…
Continue Reading Schrems II Update: German SAs Require Additional Safeguards for U.S. Transfers and Max Schrems Set to Challenge Facebook Data Transfers Again
EDPB Publishes FAQs on Implications of the Schrems II Case
Posted on
Posted in European Union, International
On July 24, 2020, the European Data Protection Board published a set of Frequently Asked Questions on the judgment of the Court of Justice of the European Union in the Schrems II case.…
Continue Reading EDPB Publishes FAQs on Implications of the Schrems II Case
Regulators Issue Reactions to Invalidation of EU-U.S. Privacy Shield Framework
Posted on
In the aftermath of the CJEU’s unexpected ruling, organizations in the EU and U.S. that rely on Privacy Shield certification for transfers of EU personal data are awaiting guidance from EU data protection regulators. …
Continue Reading Regulators Issue Reactions to Invalidation of EU-U.S. Privacy Shield Framework
BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid
Posted on
On July 16, 2020, the Court of Justice of the European Union issued its landmark judgment in the Schrems II case, concluding that the Standard Contractual Clauses issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.…
Continue Reading BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid
Webinar on Schrems II: The Practical Implications for Businesses
Posted on
Join us for a webinar on the Schrems II case to discuss the ruling on the validity of Standard Contractual Clauses and the implications on global data transfers. This post includes a link to register for the webinar. …
Continue Reading Webinar on Schrems II: The Practical Implications for Businesses