Posted by fgilbert on August 12th, 2016

Directive (EU) 2016/1148 of the European Parliament and of the Council of July 6, 2016, Concerning Measures for a High Common Level of Security of Network and Information Systems across the Union Network and Information (“NIS Directive” or “Directive”), entered into force in August 2016, outlines plans for establishing a base level of network and […]

Posted by fgilbert on July 14th, 2016

Since October 2015, when the Court of Justice of the European Union invalidated the Safe Harbor Agreement, numerous US and EU companies have struggled to provide a legal basis to the transfer of personal information across the Atlantic. On July 12, representatives of the European Commission and the U.S. Department of Commerce signed the “EU-US […]

Posted by fgilbert on April 13th, 2016

In a 58-page opinion published on April 13, 2016, the influential European Union Article 29 Working Party (“WP29”), which gathers representatives of the data protection authorities of the 28 EU member states, expressed significant concerns with respect to the terms of the proposed EU-US Privacy Shield that is intended to replace the EU-US Safe Harbor. […]

Posted by fgilbert on February 29th, 2016

The European Commission has released a Draft Adequacy Finding as a step towards the finalization of a new EU-US Privacy Shield. The concept of an EU-US Privacy Shield was outlined in an arrangement published on February 2, 2016. The Shield is intended to replace the EU-US Safe Harbor Agreement, which was invalidated in an October […]

Posted by fgilbert on February 2nd, 2016

On February 2, 2016, representatives of the European Commission and the United States agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield. The main elements of the arrangement provide that: US companies that wish to receive EU data will be required to commit to stringent obligations on how personal data is processed and […]

Posted by fgilbert on October 20th, 2015

In early October 2015, the Court of Justice of the European Union (CJEU) in the Schrems and Facebook case, declared the EU-US Safe Harbor invalid. The CJEU ruling stunned many businesses and organizations throughout the world. For the past 15 years, the Safe Harbor Program had made it easy for businesses established in the United […]

Posted by fgilbert on October 19th, 2015

The Fall season often brings changes to California laws, and this year is no exception. Once again, the California Security Breach Disclosure Laws have been amended. During the first half of October, California Governor Jerry Brown signed three bills amending the State’s Security Breach Disclosure Laws. These amendments will be effective as of January 1, […]

Posted by fgilbert on October 16th, 2015

The long awaited reaction of the Working party to the ruling of the Court of Justice of the European Union (CJEU) in the Schrems and Facebook case in now public. Late on October 15, the Article 29 Working Party published a statement outlining its first response to the landmark ruling. The Working Party’s statement summarizes the group’s evaluation of […]

Posted by fgilbert on October 16th, 2015

  In a 35-page ruling, published on October 6, 2015, the Court of Justice of the European Union has declared the EU-US Safe Harbor invalid. This means that the data transfers between European companies and the 4500+ US companies that have self-certified to their adherence to the EU-US Safe Harbor principles no longer have a […]

Posted by fgilbert on April 6th, 2015

Companies that do business in Russia or with Russia residents have been struggling to understand the Federal Law No. 242-FZ (“Data Localization Law”).  The law, passed in July 2014, contains a series of amendments to Russian laws to “Specify the Procedure for Personal Data Processing by Information and Telecommunications Networks.” The need to understand the […]