“Convention 108+ (Convention 108 as amended by the protocol) is set to become the international standard on privacy and data protection in the digital age, and represents a viable tool to facilitate international data transfers while guaranteeing an appropriate level of protection for people globally,”  say Alessandra Pierucci, Chair of the Committee of Convention 108

Privacy Shield is gone but not forgotten.

Adam C. Schlosser, for the International Association of Privacy Professionals (IAPP), writes on why the EU-U.S. Privacy Shield is still a useful data protection governance tool.

“Simply leaving the Privacy Shield program or disregarding its principles would be a mistake, particularly for those organizations that have already built

EUobserver prints an op-ed on SchremsII:

“With this decision, Europe is sliding toward a system of data localisation in which European data must stay in Europe. Big companies can likely bear the cost of creating redundant data systems in Europe, and for cloud computing providers that already have data centres in Europe…this decision could bring

The Data Protection Authority for the Rhineland-Palatinate in Germany suggests there is a need for legislation limiting the use of contact tracing data.

Anyone sitting in the beer garden should not later be questioned by the police with respect to an administrative offense or minor damage to property based on the fact that their name

In a letter to the country’s Social Security Administration, Iceland’s Data Protection Authority Personuvernd states that IP addresses are not a reliable way to determine a person’s true location.

The DPA was reviewing a decision of the state Social Security Administration that had relied on an IP address to determine whether individuals on the unemployment

The European Data Protection Board has issued its much anticipated FAQs on what the Court of Justice of the European Union’s decision in Schrems II means for cross-border data transfers.

There is still no word on the “supplementary measures” that companies will need to implement on top of Standard Contract Clauses and Binding Corporate Rules

The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection authorities and other entities across Europe. Here are a few of the responses:

Vera Jourova, Vice President, European Commission

“I know citizens and businesses are seeking reassurance today on both sides of the Atlantic. So let me be clear: we will continue our work to ensure the continuity of safe data flows.

We will do this:

  • in line with today’s judgment
  • in full respect of EU law
  • and in line with the fundamental rights of citizens.”

” The Commission has already been working intensively to ensure that the toolbox [for cross border transfer tools] is fit for purpose, including the modernization of the Standard Contractual Clauses … We will now swiftly finalize it. Today’s ruling provides further valuable guidance for us and we will make sure that the updated tool will be fully in line with it.”


Continue Reading Governments, Data Protection Authorities React to EU-US Privacy Shield Ruling

The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United States, citing surveillance practices by U.S. public authorities and inadequate legal recourse to EU individuals.

Standard Contractual Clauses