The International Association of Privacy Professionals (IAPP) explains the nexus of Schrems II, Privacy Shield and Brexit.

“While the adequacy assessment for the U.K. is currently underway, a U.K. adequacy finding is by no means a given. Given that the EU-U.S. Privacy Shield appears to have been invalidated primarily because of concerns about U.S. law

The European Data Protection Board has issued its much anticipated FAQs on what the Court of Justice of the European Union’s decision in Schrems II means for cross-border data transfers.

There is still no word on the “supplementary measures” that companies will need to implement on top of Standard Contract Clauses and Binding Corporate Rules

In a landmark decision in what is popularly known as the “Schrems II” case, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield, the framework that facilitated the transfers of personal data from the European Union to the United States for thousands of companies. The court cited the breadth of National

After a number of data protection authorities issued statements demonstrating differing approaches to cross-border transfers to the U.S. in the wake of the Court of Justice of the European Union’s decision in Schrems II (e.g. several of the German DPAs), the Spanish data protection authority Agencia Española Proteción Datos (AEPD) stressed the importance of a

“The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States

“The United States shares the values of rule of law and protection of our democracies with our partners in the European Union (EU). Therefore, we are deeply disappointed that the Court of Justice of the European Union (ECJ) has invalidated the EU-U.S. Privacy Shield framework,” said U.S. Secretary of State Mike Pompeo.

“The United States

The European Court of Justice’s ruling in Schrems II, invalidating the EU-U.S. Privacy Shield framework as a means of transmitting personal data from the EU to the U.S., has drawn swift reaction from data protection authorities and other entities across Europe. Here are a few of the responses:

Vera Jourova, Vice President, European Commission

“I know citizens and businesses are seeking reassurance today on both sides of the Atlantic. So let me be clear: we will continue our work to ensure the continuity of safe data flows.

We will do this:

  • in line with today’s judgment
  • in full respect of EU law
  • and in line with the fundamental rights of citizens.”

” The Commission has already been working intensively to ensure that the toolbox [for cross border transfer tools] is fit for purpose, including the modernization of the Standard Contractual Clauses … We will now swiftly finalize it. Today’s ruling provides further valuable guidance for us and we will make sure that the updated tool will be fully in line with it.”


Continue Reading Governments, Data Protection Authorities React to EU-US Privacy Shield Ruling

The Court of Justice of the European Union (CJEU), in its decision in the Schrems II case, has invalidated the EU-U.S. Privacy Shield method for cross-border transfer of personal data from the European Union to the United States, citing surveillance practices by U.S. public authorities and inadequate legal recourse to EU individuals.

Standard Contractual Clauses

“Adequacy” seems to be the hardest word.

On the brink of Brexit and the UK becoming a “third country” without a so called “adequacy” status for the cross border transfer of personal data from the European Union — Could California have its own Privacy Shield arrangement separate from the rest of the U.S.?

This question

In a complaint, the Federal Trade Commission alleges that between January 2017 and October 2018, RagingWire Data Centers, Inc. claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements, even though it had allowed its certification to lapse in January 2018.

The Department of