On November 11, 2020, the European Data Protection Board published its long-awaited recommendations following the Schrems II judgement regarding supplementary measures that may be implemented to ensure the adequate protection of personal data when transferring the data to third countries.
Continue Reading EDPB Adopts Recommendations on Supplementary Measures for Data Transfers Following Schrems II Decision

On October 29, 2020, the non-governmental organization co-founded by privacy activist Max Schrems, None of Your Business, announced it can now file representative actions and claim damages on behalf of consumers for violations of various laws regarding consumer protection (including data protection law) in Belgium.
Continue Reading NOYB Approved to File Class Actions and Claim Damages in Front of Belgian Courts

On October 13, 2020, France’s highest administrative court issued a summary judgment that rejected a request for the suspension of France’s centralized health data platform, Health Data Hub.
Continue Reading French Highest Court Rejects Temporary Suspension of France’s Health Data Hub; Calls for Additional Guarantees Following Schrems II

The Centre for Information Policy Leadership at Hunton Andrews Kurth recently published a concept paper titled “Why We Need Interstate Privacy Rules for the U.S.” This blog entry provides highlights on the paper.
Continue Reading CIPL Publishes Concept Paper on an Interstate Privacy Interoperability Code of Conduct

On September 28, 2020, the U.S. Department of Commerce, along with the U.S. Department of Justice and the Office of the Director of National Intelligence, released a White Paper entitled Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II (the “White Paper”). The White Paper outlines privacy safeguards in and updates to the U.S. surveillance provisions flagged by the Court of Justice of the European Union (“CJEU”) in its Schrems II decision. It is intended to serve as a resource for companies transferring personal data from the EU to the U.S. in the wake of the CJEU’s decision overturning the EU-U.S. Privacy Shield. Particularly, it focuses on companies relying on Standard Contractual Clauses (“SCCs”) for data transfers, and provides information to help them determine whether the U.S. ensures adequate privacy protections for companies’ data.

Continue Reading U.S. Government Issues White Paper on Data Transfers after Schrems II Decision