Privacy Shield

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation.  Please reach out to the authors if you are interested in additional information.

Consumer Loan Data Seller Receives $1.5 Million FTC Penalty, With Accompanying Executive Liability | Consumer Privacy World

Authors of

CPW is proud to share with its readers that Global Data Review, a leading data law and regulation publication, has ranked Squire Patton Boggs among 25 Elite firms in its 2022 edition of the GDR 100.  GDR identifies and profiles the world’s leading law firms.  GDR notes that firms with the Elite designation in

Wednesday 2 December 2020
Noon – 12:30 p.m. GMT

As reported on this Blog, on 12 November 2020, the European Commission published a draft decision and draft standard contractual clauses for the transfer of personal data to third countries.  Once approved, organisations that rely on SCCs for transfers will have a one-year grace period

Data Protection ShieldOn 16 July 2020, the Court of Justice of the EU (“CJEU” or the “Court”) delivered another landmark decision on international data transfers – the so-called Schrems II judgment.  In its decision, the CJEU invalidated the EU Commission’s adequacy decision on the EU-US Privacy Shield Framework (“Privacy Shield”), on which thousands of US companies have been relying to lawfully transfer personal data from the EU to the US.  In the same decision, the CJEU confirmed the validity of the Standard Contractual Clauses (“SCCs” or “Clauses”) in principle, but made clear that their legality must considered on a case-by-case basis in light of the circumstances of the particular transfer.

US companies currently relying on Privacy Shield will need to move quickly to evaluate their ability to make use of alternative data transfer mechanism such as the SCCs, Binding Corporate Rules (“BCRs”) or, where applicable, one of the specific transfer-related derogations provided for in the EU General Data Protection Regulation (“GDPR”).
Continue Reading CJEU Invalidates the EU-US Privacy Shield Framework but Leaves the Standard Contractual Clauses Intact, Subject to Major Caveats

On 18 October 2017, the European Commission (“Commission”) published its first annual report on the functioning of the US-EU Privacy Shield (“the Report”), the successor to the Safe Harbor framework after its invalidation in Schrems. The Report will be widely welcomed by businesses on both sides of the Atlantic as the Commission continues to back the Privacy Shield. In particular, the finding that the United States continues to ensure an adequate level of protection for personal data transferred from the EU to self-certified organizations in the US under the Privacy Shield sends a positive signal to businesses that rely on transatlantic data flows. This is especially important in light of the ongoing judicial challenges that the Commission’s approved standard contractual clauses, also referred to as model clauses, currently face.
Continue Reading Privacy Shield: First Annual Review Report Published