In July 2020, the Schrems II decision issued and the European Commission’s adequacy decision for the EU-US Privacy Shield Framework was invalidated. Further, and broader than the invalidation of Privacy Shield adequacy decision, the Schrems II judgement found that US surveillance measures interfered with what are considered “fundamental rights” under EU law, i.e., the rights
Can European Websites use Google Analytics and Similar Services Without Violating the GDPR?
It has been nearly a year and a half since the Schrems II decision issued in July 2020, which invalidated the European Commission’s adequacy decision for the EU-US Privacy Shield Framework. As a result, companies were forced to reexamine their transfers of personal information out of the EU, and the safeguards that they rely on…
EU Data Transfers Update: You Have a Lot of Weekend Reading To Do!
If you’re a company that has been scratching your head and racking your brain since the Schrems II decision issued on July 16, 2020, invalidating Privacy Shield and calling into question all data transfers between the EU and third countries on surveillance-related grounds, your wish for more guidance has finally come true.
This week, the…
Speed Dating in the UK? Negotiating New Data Protection Relationships with the EU
With all that has happened this year, most of us can’t wait until 2020 is in the rear view mirror. The end of 2020, however, marks the end of the transition period provided, post-Brexit, to allow time for UK businesses and organizations that rely on international data flows, target European customers or operate inside the…
Privacy Shield is Invalid. Time to Reconsider Cross-Border Data Transfers and Responses to US Surveillance Requests
Last week, on July 16, 2020, Europe’s top court invalidated the EU-US data flow arrangement called Privacy Shield. In a world with competing privacy regulations, many thousands of global businesses relied heavily Privacy Shield to conduct their business across EU-US borders (there are 5300+ current Privacy Shield participants, and the transatlantic economic relationship is valued…
Will Big Tech Share More Data in the Fight Against COVID-19?
Just last year the public was scrutinizing Big Tech for its collection and use of extraordinary amounts of data about people’s activities, from real-world location tracking to virtual lingering and clicks. This scrutiny led to the landmark California Consumer Privacy Act, among other general privacy and data protection laws around the world. Will Big Tech…
Taking A Stand (And Facebook)
The number of actions to enforce the European Union’s General Data Protection Regulation (GDPR) against a wide range of companies continues to rise. Germany, a country where privacy enjoys strong legal protection, is establishing itself as a favorite jurisdiction for enforcement of the GDPR. And, not surprisingly, Facebook is one of the companies in the…
GDPR Enforcement a Foreshadowing of 2020-2021 US Privacy and Cybersecurity Litigation?
ZDNet.com, relying on research by Forrester Research, recently reported that “GDPR enforcement is on fire!” This is likely a foreshadowing of the prevalence of US privacy enforcement proceedings in the near future. Indeed, it appears that if the FTC and AG offices are not able to keep up, plaintiffs in the United States are more…