Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: safe harbor

Posted in International/EU Privacy

Recording and Deck from Webinar: Privacy Shield: What You Need to Know

Thank you to everyone who participated in last week’s webinar “Privacy Shield: What You Need to Know,” in which we explored how companies demonstrate compliance with the Privacy Shield principles, what it takes to move from Safe Harbor to Privacy Shield, and more. A copy of the slide deck and recorded webinar are now available on our blog.

Posted in International/EU Privacy

Navigating from Safe Harbor to Privacy Shield: A Primer

In less than one week, on August 1, U.S. companies may begin to submit self-certifications to the EU-U.S. Privacy Shield framework at www.privacyshield.gov. Those companies that previously certified to the predecessor Safe Harbor framework are in a particularly good position to certify to the Privacy Shield, which built upon Safe Harbor’s core principles by adding meaningful substantive and procedural privacy protections for EU individuals.

A company seeking to transition from Safe Harbor to Privacy Shield will need to engage in three general steps: (1) update its external-facing privacy policy; (2) develop internal policies and procedures to comply with new Privacy Shield requirements; and (3) more closely manage its relationships with third parties that will receive or have access to Privacy Shield data, including ensuring contracts with those third parties meet new Privacy Shield requirements. We summarize these three steps, as well as additional procedural requirements that will affect the impact of Privacy Shield on U.S. businesses compared to Safe Harbor.

Posted in News & Events

REMINDER: Upcoming Webinar: Privacy Shield: What You Need to Know

The much anticipated Privacy Shield framework for the transfer of data between the EU and U.S. received final approval from the European Commission on 12 July 2016. With this important data transfer mechanism available to companies at the beginning of August, the Hogan Lovells Privacy and Cybersecurity team will answer your questions in a webinar next Wednesday, 27 July. CLE credit will be available.

Posted in International/EU Privacy

EU Data Transfers to the U.S.: Considering Your Options after Privacy Shield

With the recent approval of the EU-US Privacy Shield framework and the ability to start filing online registrations on 1 August, many companies have questions about the advantages and disadvantages of Privacy Shield as compared to other cross-border transfer mechanisms to cover trans-Atlantic data flows.

To answer your questions, we publish here International Data Transfers – Considering your options, a high-level analysis of the EU cross-border transfer options for companies—including the EU Standard Contractual Clauses, Intra-Group Agreements and other ad-hoc contracts, Binding Corporate Rules, Privacy Shield, and Consent—and the pros and cons of choosing each one.

Posted in International/EU Privacy

Privacy Shield Receives Final Approval from European Commission—Some Initial Practical Advice

On 12 July 2016, the European Commission issued its much awaited “adequacy decision” concerning the Privacy Shield framework for the transfer of personal data from the EU to the U.S. This adequacy decision is based on the latest version of the Privacy Shield, which was further negotiated and revised following the Article 29 Working Party’s April 2016 concerns with the terms of the original Privacy Shield framework. Many of our clients have questions about Privacy Shield—what it is, when it will be available for use, and how it differs from other data transfer mechanisms, among others. We have prepared blog post to answer these questions about the updated version of Privacy Shield and its implications for companies engaging in trans-Atlantic data flows.

Posted in International/EU Privacy

Julie Brill Advocates in Support of Privacy Shield

The free flow of data is essential to an ever-growing segment of the global economy. Yet some policymakers and advocates, citing privacy concerns, have called for shutting off the faucet and restricting data flow, to the detriment of European consumers and European businesses, both small and large. After much debate, a major European court opinion, and at least one act of Congress to address the issue, a solution is at hand that will enhance real, enforceable privacy protections on both sides of the Atlantic.

Posted in International/EU Privacy

Untying the Global Dataflows Mess

One of Harry Houdini’s most difficult tricks consisted of escaping from a nail-fastened and rope-bound wooden crate with manacles on his hands and feet, while submerged in New York’s East River. That feat is starting to look straightforward when compared to the prospect of lawfully exporting personal data out of the European Union. The restrictions on transfers of data to jurisdictions that do not provide an adequate level of protection have been in place for more than 20 years. And while these restrictions have not prevented the development of the digital economy, judging by this issue’s current direction of travel, we could be facing a situation from which not even the great Houdini could escape.

Posted in International/EU Privacy

Hogan Lovells Issues Legal Analysis of the EU-U.S. Privacy Shield

In a thorough legal analysis of the EU-U.S. Privacy Shield framework, a report from Hogan Lovells says the framework would stand up in the Court of Justice of the European Union, and the true level of data protection afforded by the Privacy Shield framework will only be demonstrated by its functioning and the practices of its participants.

Posted in International/EU Privacy

Inside the New EU-U.S. Data Framework: A Practical Breakdown of the Privacy Shield

The February 29, 2016 announcement of the new EU-U.S. data transfer framework—the Privacy Shield—was accompanied by over 130 pages of documentation and significantly more operational details than its predecessor, Safe Harbor. We have reviewed the Privacy Shield materials and published a comprehensive breakdown of the changes from Safe Harbor to Privacy Shield and the practical impact on business: Inside the New and Improved EU-U.S. Data Transfer Framework.

Posted in International/EU Privacy

First Look: EU–U.S. Privacy Shield

On February 29, 2016 and after more than two years of negotiations with the U.S. Department of Commerce, the European Commission released its draft Decision on the adequacy of the new EU–U.S. Privacy Shield program, accompanied by new information on how the Program will work. The Privacy Shield documentation is significantly more detailed than that associated with its predecessor, the EU-U.S. Safe Harbor, as it describes more specifically the measures that organizations wishing to use the Privacy Shield must implement. Importantly, the Privacy Shield provides for additional transparency and processes associated with U.S. government access to the personal data of EU individuals.

Posted in International/EU Privacy

International Data Transfers – The Uncertainty Continues

Following the announcement by the European Commission of the newly agreed EU-US Privacy Shield, the missing piece of the jigsaw was the Article 29 Working Party’s stance on the adequacy of the existing mechanisms in place—in particular, standard contractual clauses and binding corporate rules. So after two days of intense discussions, the Working Party has issued a statement with its latest position, which is the follow up to their original reaction to the invalidation of Safe Harbor last October. The bottom line: the Working Party still does not view US government surveillance laws as sufficiently protective of privacy—a position which calls all transfers of personal data to the US in question, regardless of the methods used to legitimise the transfer—but they will reconsider this position in light of the Privacy Shield in the coming months.

Posted in International/EU Privacy, News & Events

Breaking: EU-U.S. Privacy Shield to Replace Safe Harbor

The European Commission has announced an agreement today with the United States Department of Commerce to replace the invalidated Safe Harbor agreement on transatlantic data flows with a new EU-U.S. “Privacy Shield.” The Privacy Shield aims to address the requirements set out by the European Court of Justice in its Oct. 6, 2015 ruling by imposing stronger obligations on companies, providing stronger monitoring and enforcement by the DOC and Federal Trade Commission , and making commitments regarding access to information on the part of public authorities. In announcing the agreement, Vice-President Ansip noted his belief that the Privacy Shield will benefit both European businesses and citizens, and will prove to be a “much better” solution for transatlantic data flows.

Posted in International/EU Privacy

Safe Harbor Aftermath – Never a Reason to Panic

It’s close to 7pm on a Friday evening and my team are trying their best to manage our clients’ stress and frantic desperation. Jokes about how much they love Max Schrems are shared by email. In the meantime, we are diligently working our way through endless charts of dataflows and attempting to cover every single […]

Posted in International/EU Privacy

A New Turn in the Safe Harbor Roller Coaster

The roller coaster of developments affecting the Safe Harbor framework shows no signs of slowing down. It has taken a couple of years since Edward Snowden’s revelations for the train to reach to its highest point, but once the European Court of Justice ruled on the Schrems case, we knew it would be a bumpy ride. In the past weeks, most of the attention has focused on the EU data protection authorities, which are now more emboldened than ever and keen to capitalize on the ECJ’s decision to tighten the regime affecting international dataflows. The European Commission’s communication of 6 November to the European Parliament and the Council of the EU, coupled with its practical guidance, represents yet another turn in this uncertain journey. At the same time, the Commission’s intervention is helpful in terms of the decision-making process that many organisations—for which transatlantic transfers are vital—are trying to grapple with.

Posted in International/EU Privacy

European Commission Issues Opinion on Safe Harbor after Schrems

On November 6, 2015, the European Commission issued its widely anticipated Communication to the European Parliament and Council about the effect of the Court of Justice of the European Union’s Schrems decision, which invalidated the U.S.-EU Safe Harbor framework. The Commission expresses a commitment to negotiate with the U.S. Government a new framework for cross-border transfers of personal data. The Commission also emphasizes that the Communication does not have binding legal effect, but concludes that companies should rely on “alternative tools” for authorizing data flows to third countries like the United States.

Posted in International/EU Privacy

Spanish Data Protection Authority Clarifies Requirements for Cross-Border Transfers to Safe Harbor US entities

On Tuesday November 3, the Spanish data protection authority, Agencia Española de Protección de Datos, sent a letter all companies operating in Spain that had previously notified the AEPD of cross-border data transfers to Safe Harbor certified companies. The letter warns companies that because Safe Harbor certifications are no longer recognized as valid, they must take steps to ensure that alternative mechanisms are implemented in order to continue transferring data to Safe Harbor certified companies in the United States. In particular, the AEPD is requiring of all companies that received the letter to inform it not later than January 29, 2016 of any mechanisms that have been implemented to ensure adequate protections for personal data transferred to importers in the United States.

Posted in International/EU Privacy

European Court Advocate General’s Opinion Threatens Safe Harbor

The Opinion of the Advocate General of the Court of Justice of the European Union on the case assessing the status and validity of Safe Harbor has created significant uncertainty relating to its immediate future. While the CJEU has not yet ruled, the AG’s decisions are typically quite influential. The AG’s view is that the Safe Harbor program does not provide an adequate level of data protection and that it should have already been invalidated by the European Commission.

Posted in International/EU Privacy

CNIL International Chief Discusses Safe Harbor and Onward Transfer

Following on the heels of the IAPP Congress in Brussels, the CNIL’s (the French data protection authority) international chief, Florence Raynal, engaged in a dialogue with the members of the American Chamber of Commerce’s Digital Economy Committee in France. Raynal engaged with AmCham members on questions relating to the EU-US Safe Harbor framework, focusing on the practicalities of onward transfers. The discussion involved two kinds of transfers.

Posted in Consumer Privacy

Hogan Lovells Contributes Focus on Privacy and Trade to Global Privacy Meeting

At the 35th annual Conference of Data Protection Authorities and Privacy Commissioners in Warsaw, Poland today, Hogan Lovells partner and privacy practice lead Christopher Wolf spoke on the issue of privacy and trade in light of the ongoing Transatlantic Trade and Investment Partnership negotiations between the EU and the U.S. This post contains prepared remarks to the commissioner’s on the need for interoperable cross-border privacy standards and the merits of the U.S. privacy regime.

Posted in Consumer Privacy, International/EU Privacy, News & Events

Commerce Department General Counsel Pushes Back Against EU Attacks on US Privacy

The US privacy framework is under attack from officials in the EU following revelations about NSA surveillance.  Yesterday, US Department of Commerce General Counsel Cameron Kerry delivered his valedictory address before his departure from his position next week, and focused both on the progress made by the Obama Administration in privacy and offered the strongest […]

Posted in International/EU Privacy

German Data Protection Commissioners Push Government Towards Suspension of U.S. – EU Safe Harbor Regime

According to reports by the German business newspaper Handelsblatt, the German data protection commissioners have sent a letter to the German chancellor Angela Merkel, asking her to push the European Union to suspend the U.S. – EU Safe Harbor regime because of the recently disclosed NSA activities. This letter dates from July 23 and is signed […]

Posted in International/EU Privacy

European Parliament Committee Releases Proposed Amendments to Data Protection Regulation

Jan Albrecht, the rapporteur for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, released a draft report last month with key proposals to amend the European Commission’s proposed Regulation on data protection. The report includes a total of 350 amendments to the original proposal.  Highlights of the 215-page report include the following: