Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: European Commission

Posted in International/EU Privacy

Article 29 Working Party Sees Privacy Shield Glass Half Empty

From the moment that the Chairman of the Article 29 Working Party, Isabelle Falque-Pierrotin, announced at a press conference on 3rd February this year that the Working Party would assess the standing of the EU-US Privacy Shield under EU law, privacy professionals have been waiting to see what the Working Party’s view would be. Earlier this week, on 13th April, the Working Party provided their initial opinion. On the one hand, the Working Party welcomed the significant improvements of the Privacy Shield as a positive step forward. Yet, on the other hand, the Working Party set out their strong concerns on the commercial aspects of the Privacy Shield and the ability for US public authorities to access data transferred under the Privacy Shield. The opinion concluded by urging the European Commission to resolve these concerns and improve the Privacy Shield.

Posted in International/EU Privacy

Inside the New EU-U.S. Data Framework: A Practical Breakdown of the Privacy Shield

The February 29, 2016 announcement of the new EU-U.S. data transfer framework—the Privacy Shield—was accompanied by over 130 pages of documentation and significantly more operational details than its predecessor, Safe Harbor. We have reviewed the Privacy Shield materials and published a comprehensive breakdown of the changes from Safe Harbor to Privacy Shield and the practical impact on business: Inside the New and Improved EU-U.S. Data Transfer Framework.

Posted in International/EU Privacy

First Look: EU–U.S. Privacy Shield

On February 29, 2016 and after more than two years of negotiations with the U.S. Department of Commerce, the European Commission released its draft Decision on the adequacy of the new EU–U.S. Privacy Shield program, accompanied by new information on how the Program will work. The Privacy Shield documentation is significantly more detailed than that associated with its predecessor, the EU-U.S. Safe Harbor, as it describes more specifically the measures that organizations wishing to use the Privacy Shield must implement. Importantly, the Privacy Shield provides for additional transparency and processes associated with U.S. government access to the personal data of EU individuals.

Posted in International/EU Privacy

European Multi-Stakeholder Group Releases Connected Vehicles Report

Connected cars can generate large volumes of data, including data on engine performance, location, and driver behaviour. The European Commission has convened multi-stakeholder groups to figure out how to organize access to that data in a safe, competitively neutral, and privacy-friendly way. Two recent reports shed light on the principles under consideration for data sharing infrastructures in the EU. And legislative and regulatory developments in the EU will likely have a substantial impact on connected car deployments.

Posted in International/EU Privacy

A New Turn in the Safe Harbor Roller Coaster

The roller coaster of developments affecting the Safe Harbor framework shows no signs of slowing down. It has taken a couple of years since Edward Snowden’s revelations for the train to reach to its highest point, but once the European Court of Justice ruled on the Schrems case, we knew it would be a bumpy ride. In the past weeks, most of the attention has focused on the EU data protection authorities, which are now more emboldened than ever and keen to capitalize on the ECJ’s decision to tighten the regime affecting international dataflows. The European Commission’s communication of 6 November to the European Parliament and the Council of the EU, coupled with its practical guidance, represents yet another turn in this uncertain journey. At the same time, the Commission’s intervention is helpful in terms of the decision-making process that many organisations—for which transatlantic transfers are vital—are trying to grapple with.

Posted in International/EU Privacy

European Commission Issues Opinion on Safe Harbor after Schrems

On November 6, 2015, the European Commission issued its widely anticipated Communication to the European Parliament and Council about the effect of the Court of Justice of the European Union’s Schrems decision, which invalidated the U.S.-EU Safe Harbor framework. The Commission expresses a commitment to negotiate with the U.S. Government a new framework for cross-border transfers of personal data. The Commission also emphasizes that the Communication does not have binding legal effect, but concludes that companies should rely on “alternative tools” for authorizing data flows to third countries like the United States.

Posted in International/EU Privacy

Safe Harbor Invalidated – What Next?

On 6 October 2015, the Court of Justice of the European Union declared the EU-US Safe Harbor framework invalid as a mechanism to legitimize transfers of personal data from the EU to the US. This decision effectively leaves any organisation that relied on Safe Harbor exposed to claims that such data transfers are unlawful. In this post, we outline the effects of the decision and a suggested plan of action, and include details for a webinar we will be hosting on Wednesday, 7 October to discuss the next steps that organisations should take.

Posted in International/EU Privacy

Future-Proofing Privacy: A Guide to Preparing for the EU Data Protection Regulation

It’s been a long way and the task is not over yet. However, there is light at the end of the EU data protection reform tunnel. The modernisation of European privacy laws has reached a critical milestone and we can now safely assume that this process will culminate in a radical new framework in a matter of months. This entry is an excerpt from Hogan Lovells’ “Future-proofing privacy: A guide to preparing for the EU Data Protection Regulation.”

Posted in International/EU Privacy

The Privacy Challenges of the New European Commission

The European Union’s executive branch has a brand new engine. Following the European Parliament’s election earlier this year and after months of political manoeuvring, a new European Commission is now in place and fully operational. The Commission’s functions remain as they were but under a revised structure of one president – Jean-Claude Juncker – seven vice-presidents responsible for designated policy areas and 20 commissioners. As the main policy making body in the European Union, the Commission continues to be in charge of pushing forward the ongoing data protection legislative reform that will lead to a new legal framework for privacy across the EU.

Posted in International/EU Privacy

Prepare Yourself for the ‘Risk-Based’ Approach to Privacy

Assuming a fair amount of hard work and that the EU institutions are able to put their political skills to good use, 2015 may be the year that sees the culmination of a legal modernisation process that has been running for the best part of four years. It was in 2010 when the European Commission formally acknowledged that the 1995 Data Protection Directive was ready for a makeover to address the privacy and data protection needs of the 21 century. Since then, stakeholders covering a whole spectrum of views have participated in a process that is approaching a decisive stage. In early 2014, the European Parliament came forward with a bold proposal to amend the Commission’s original draft and put the ball firmly in the Council of the EU’s court. As the Council finalises its own proposal, a picture of what the new framework will look like is starting to emerge.

Posted in International/EU Privacy

Irish High Court Refers Questions to European Court of Justice: Can National DPAs Disregard Safe Harbor?

In a new turn to the Maximilian Schrems case in Ireland, the Irish High Court on 18 June 2014 decided to refer several questions to the European Court of Justice, including whether national data protection authorities in Europe may disregard the Safe Harbor decision of the European Commission when assessing whether the U.S. recipient of data ensures an adequate level of data protection required under EU law. Depending on the outcome of the case, European and U.S. companies may not be able to rely on Safe Harbor to legitimise cross-border data transfers in the future.

Posted in International/EU Privacy

European Parliament Overwhelmingly Approves Data Protection Regulation

On 12 March 2014, the European Parliament voted overwhelmingly in favour of the European Commission’s data protection reform with 621 votes for, 10 against, and 22 abstentions for the proposed General Data Protection Regulation. The vote is significant because it confirms the approval of the European Parliament, one of the required participants in the s0-calle “trilogue” process along with the Commission and the Council, which will not change even if the composition of the Parliament changes following the European elections in May.

Posted in Consumer Privacy, International/EU Privacy

European Commission Calls for Data Transfer Reforms

On November 27, the European Commission released a strategy memo on rebuilding trust in the mechanisms allowing data to flow from the European Union (“EU”) to the United States. The Commission recognizes that EU-U.S. data flows are essential to the strategic and economic partnerships between the two markets. However, revelations about U.S. surveillance programs have, according to the Commission, caused EU Member States and citizens to believe that the current data transfer mechanisms do not provide adequate protections for personal data. To address those concerns and rebuild trust in transatlantic data flows, the Commission recommends six initiatives, including specific recommendations for reforming the U.S. privacy framework. Of particular note, the Commission identified several shortcomings with the EU-U.S. Safe Harbor framework and offered 13 recommendations for reform. And the Commission once again calls on the United States to adopt comprehensive privacy legislation.

Posted in International/EU Privacy

Endorsements and Delays for Proposed Data Protection Regulation

The legislative process for the European Commission’s (EC’s) proposed Data Protection Regulation is heating up. The European Parliament’s lead committee on the EU’s draft Data Protection Regulation has received more than 3,000 proposed amendments to the reform measure. As a result, the committee has moved its vote on the Regulation from April to the end of May. Some of the 3,000 amendments were submitted last week by Parliament’s Legal Affairs Committee (JURI), which has adopted an opinion generally supporting the proposed Regulation. Viviane Reding, Vice-President of the EC and EU Justice Commissioner, said that JURI’s adoption of the proposed Regulation brings the EU “another step towards the swift adoption of modern data protection reform in Europe.” In an unrelated announcement, the French Minister of Justice stated that France “actively supports” the proposed Regulation, including its provision on the right to be forgotten. The Minister said that France will be vigilant that the Regulation will “not introduce a step backwards” from current French law.

Posted in International/EU Privacy

German Privacy Publication Features Hogan Lovells Piece on Proposed Data Protection Regulation

The German publication, Zeitschrift fur Datenschutz, has just published a piece authored by Christopher Wolf, director of the global Privacy and Information Management practice, entitled “A Critical Time for the EU Data Protection Regulation.” The article highlights issues that have been raised about the proposed Regulation, described as “real and substantial.”  The point of the piece is […]

Posted in Consumer Privacy, International/EU Privacy

EU Sets Timeline for Consideration of Data Protection Reform

Jan Philipp Albrecht, the rapporteur to the European Parliament for the proposed EU Data Protection Regulation, has set forth a draft calendar that indicates how long debate over the Regulation may last. It is anticipated that by summer 2013 the Regulation should be ready for trilogue with the Council and Commission, and that the Regulation shall be put to a vote in the plenary session of the European Parliament in early 2014.

Posted in International/EU Privacy

London Privacy Workshop Seeks Input for UK Consultation

Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.

Posted in International/EU Privacy

Announcement from European Commission on Comprehensive Data Protection Reform Coming Wednesday

Despite rumors of delay, the formal announcement of a proposed comprehensive reform of the data protection framework in the European Union is now set for this Wednesday, January 25 at 12:30 CET (6:30 AM EST). This blog entry contains a link to the videostream of the announcement, as well as a synopsis and link to a video of a speech on Saturday by EU Justice Vice-President Viviene Reding. The Commission’s Data Privacy Day video on personal responsibility to protect privacy also is linked to.

Posted in International/EU Privacy

Details of EU Data Protection Reform Reveal Dramatic Proposed Changes

Although the European Commission was expected to release its overhaul of the 1995 Data Protection Directive (95/46/EC) next month, some of the details of those changes emerged earlier than expected this week. In this post, we summarize the many key changes between the Data Protection Directive and the Commission’s draft Data Protection Regulation.

Posted in International/EU Privacy

Network Neutrality Advances in the E.U.

The network neutrality debate in the U.S. has moved to the appeal courts as the 2010 FCC Order, which becomes effective on Nov. 20, awaits review. Meanwhile, two E.U. developments presage more regulatory steps forward. The result is movement away from the European Commission’s wait-and-see communique announced just last April.