Cross-border data transfers

Are Model Clauses Now in Jeopardy?

David Smith

Max Schrems is busy again. As many predicted, this time he is going after Facebook’s use of model clauses. He argues that the reasoning for the invalidation of Safe Harbor applies equally to transfers to the US by way of model clauses because the data is subject to the same mass indiscriminate access by the Read More

No Comments

EU-US Privacy Shield: Trouble Ahead?

Peter van Dyck

On 29 February, the European Commission published the draft texts that constitute the EU-US Privacy Shield. The Article 29 Working Party quickly followed this up with a press release, welcoming the publication of the EU-US Privacy Shield, but stating (somewhat ominously) that the draft texts “have to be analysed with great attention as regards the Read More

No Comments

Brexit – the potential impact on data protection legislation

Charlotte Mullarkey

We are at an interesting time for data protection legislation in the UK. The existing EU Data Protection Directive, implemented in national law by each Member State, will almost certainly be replaced in 2018 by a new, recently agreed General Data Protection Regulation (the GDPR), which will be directly applicable. This contains some fairly onerous Read More

No Comments

A leap forward for the EU-US Privacy Shield

Nigel Parker

Taking advantage of our extra day this month, the European Commission has today issued a press release summarising the steps taken to restore trust in transatlantic data flows following the 2013 surveillance revelations and the 2015 judgment of the CJEU in the Schrems case. The press release is accompanied by a draft “adequacy decision” as Read More

No Comments

Data protection class actions under German consumer protection regulations

Frank Schemmel

On 24 February 2016 a new Bill to promote civil class actions in consumer protection regulations under data protection law (Gesetz zur Verbesserung der zivilrechtlichen Durchsetzung von verbraucherschützenden Vorschriften des Datenschutzrechts) came into force. Strengthening of data protection enforcement German consumer organisations and regulatory bodies (including data protection authorities, but not the Federal Financial Supervisory Read More

No Comments

Article 29 reserves position on EU-U.S. Privacy Shield; uncertainty for companies remains

Jane Finlayson-Brown

Following the European Commission’s announcement on 2 February 2016 that agreement had been reached with the U.S. government on a new EU-U.S. Privacy Shield, the Article 29 Working Party (the A29 WP) held a press conference on 3 February confirming that whilst they see the agreement between negotiators as a positive step, they are reserving their position as to Read More

No Comments