On March 29, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its draft guidelines on the accreditation of certification bodies under the GDPR (the “Guidelines”). The Guidelines were adopted by the Working Party on February 6, 2018, for public consultation. Continue Reading CIPL Submits Comments to Article 29 Working Party’s Draft Guidelines on the Accreditation of Certification Bodies under the GDPR

On March 26, 2018, the U.S. Department of Commerce posted an update on the actions it has taken between January 2017 and March 2018 to support the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, the “Privacy Shield”). The update details measures taken in support of commercial and national security issues relating to the Privacy Shield. Continue Reading U.S. Department of Commerce Posts Update of Actions to Support the Privacy Shield Frameworks

On January 24, 2018, the European Commission issued a communication to the European Parliament and the Council (the “Communication”) on the direct application of the EU General Data Protection Regulation (“GDPR”). The Communication (1) recounts novel elements of the GDPR that create stronger protections for individuals and new opportunities for organizations, (2) reviews preparatory work undertaken to date for GDPR implementation, (3) outlines remaining steps for successful preparation and (4) outlines measures the European Commission intends to take up until May 25, 2018. Continue Reading EU Commission Releases Communication on Remaining Issues for GDPR Preparation

As we previously reported, this October, the EU Commission released its report and accompanying working document on the first annual review of the EU-U.S. Privacy Shield framework. On November 28, 2017, the Article 29 Data Protection Working Party (the “Working Party”) adopted an opinion on the review (the “Opinion”). While the Opinion notes that the Working Party “welcomes the various efforts made by US authorities to set up a comprehensive procedural framework to support the operation of the Privacy Shield,” the Opinion also identifies some remaining concerns and recommendations with respect to both the commercial and national security aspects of the Privacy Shield framework. The Opinion also indicates that, if the EU and U.S. do not, within specified time frames, adequately address the Working Party’s concerns about the Privacy Shield, the Working Party may bring legal action to challenge the Privacy Shield’s validity.

Read the full text of the Opinion.

The Centre for Information Policy Leadership at Hunton & Williams LLP (“CIPL”) recently submitted responses to the Irish Data Protection Commissioner (IDPC Response) and the CNIL (CNIL Response) on their public consultations, seeking views on transparency and international data transfers under the EU General Data Protection Regulation (“GDPR”).

The responses address a variety of questions posed by both data protection authorities (“DPAs”) and aim to provide insight on and highlight issues surrounding transparency and international transfers. Continue Reading CIPL Responds to CNIL and Irish DPC on Transparency and Data Transfers under the GDPR

On October 18, 2017, the EU Commission (“Commission”) released its report and accompanying working document on the first annual review of the EU-U.S. Privacy Shield framework (collectively, the “Report”). The Report states that the Privacy Shield framework continues to ensure an adequate level of protection for personal data that is transferred from the EU to the U.S. It also indicates that U.S. authorities have put in place the necessary structures and procedures to ensure the proper functioning of the Privacy Shield, including by providing new redress possibilities for EU individuals and instituting appropriate safeguards regarding government access to personal data. The Report also states that Privacy Shield-related complaint-handling and enforcement procedures have been properly established.

Continue Reading EU Commission Releases Report on First Annual Review of the EU-U.S. Privacy Shield Framework

Hunton & Williams LLP is pleased to announce that Lisa Sotto, chair of the firm’s top-ranked Global Privacy and Cybersecurity practice and managing partner of the firm’s New York office, has been selected as an arbitrator in connection with the EU-U.S. Privacy Shield Framework Binding Arbitration Program.

Continue Reading Lisa Sotto Selected as Arbitrator for the EU-U.S. Privacy Shield

On September 18, 2017, the European Commission (“Commission”) and U.S. Department of Commerce (“Department”) kicked off their first annual joint review of the EU-U.S. Privacy Shield (“Privacy Shield”).  To aid in the review, the Department invited a few industry leaders, including Hunton & Williams’ partner Lisa J. Sotto, who chairs the firm’s Global Privacy and Cybersecurity practice and the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, to speak about their experiences during the first year of the Privacy Shield.

Continue Reading Lisa Sotto Invited to Speak at Privacy Shield’s First Annual Joint Review

On September 8, 2017, the Council of the European Union published its proposed revisions to the draft E-Privacy Regulation (“EPR”), which was first published by the European Commission in January 2016. The revisions have been made based on written comments and discussions involving the Working Party for Telecommunications and Information Society (“WP TELE”) and serve as a discussion for further meetings of the group in late September 2017.

Continue Reading Progress on Draft ePrivacy Regulation – EU Council Publishes Proposed Amendments

On September 13, 2017, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy published a Joint Communication to the European Parliament and the Council of the European Union on “Resilience, Deterrence and Defence: Building strong cybersecurity for the EU” (“Joint Communication”). This Joint Communication is part of a package of EU documents adopted on the same date aimed at delivering a stronger EU response to cyber attacks. In particular, the Joint Communication puts forward targeted measures to (1) build greater EU resilience to cyber attacks, (2) better detect cyber attacks, and (3) strengthen international cooperation on cybersecurity.
Continue Reading EU Publishes Measures to Strengthen EU Cybersecurity Structures and Capabilities