Directive (EU) 2016/1148 of the European Parliament and of the Council of July 6, 2016, Concerning Measures for a High Common Level of Security of Network and Information Systems across the Union Network and Information (“NIS Directive” or “Directive”), entered into force in August 2016, outlines plans for establishing a base level of network and […]
EU-U.S. Privacy Shield Approved and Signed
Posted by fgilbert on July 14th, 2016
Since October 2015, when the Court of Justice of the European Union invalidated the Safe Harbor Agreement, numerous US and EU companies have struggled to provide a legal basis to the transfer of personal information across the Atlantic. On July 12, representatives of the European Commission and the U.S. Department of Commerce signed the “EU-US […]
WP29 gives “Thumbs Down” to Draft EU-US Privacy Shield
Posted by fgilbert on April 13th, 2016
In a 58-page opinion published on April 13, 2016, the influential European Union Article 29 Working Party (“WP29”), which gathers representatives of the data protection authorities of the 28 EU member states, expressed significant concerns with respect to the terms of the proposed EU-US Privacy Shield that is intended to replace the EU-US Safe Harbor. […]
Posted in Europe
EU-US Privacy Shield Update
Posted by fgilbert on February 29th, 2016
The European Commission has released a Draft Adequacy Finding as a step towards the finalization of a new EU-US Privacy Shield. The concept of an EU-US Privacy Shield was outlined in an arrangement published on February 2, 2016. The Shield is intended to replace the EU-US Safe Harbor Agreement, which was invalidated in an October […]
Posted in Europe
Safe Harbor 2.0 Agreement Reached
Posted by fgilbert on February 2nd, 2016
On February 2, 2016, representatives of the European Commission and the United States agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield. The main elements of the arrangement provide that: US companies that wish to receive EU data will be required to commit to stringent obligations on how personal data is processed and […]
Posted in Europe
Israel Revokes is Acceptance of Safe Harbor
Posted by fgilbert on October 20th, 2015
In early October 2015, the Court of Justice of the European Union (CJEU) in the Schrems and Facebook case, declared the EU-US Safe Harbor invalid. The CJEU ruling stunned many businesses and organizations throughout the world. For the past 15 years, the Safe Harbor Program had made it easy for businesses established in the United […]
Amendments to California Security Breach Law
Posted by fgilbert on October 19th, 2015
The Fall season often brings changes to California laws, and this year is no exception. Once again, the California Security Breach Disclosure Laws have been amended. During the first half of October, California Governor Jerry Brown signed three bills amending the State’s Security Breach Disclosure Laws. These amendments will be effective as of January 1, […]
Posted in California
Safe Harbor Invalidation – Article 29 Working Party Sets January 2016 Deadline
Posted by fgilbert on October 16th, 2015
The long awaited reaction of the Working party to the ruling of the Court of Justice of the European Union (CJEU) in the Schrems and Facebook case in now public. Late on October 15, the Article 29 Working Party published a statement outlining its first response to the landmark ruling. The Working Party’s statement summarizes the group’s evaluation of […]
Safe Harbor Invalidation – What Consequences?
Posted by fgilbert on October 16th, 2015
In a 35-page ruling, published on October 6, 2015, the Court of Justice of the European Union has declared the EU-US Safe Harbor invalid. This means that the data transfers between European companies and the 4500+ US companies that have self-certified to their adherence to the EU-US Safe Harbor principles no longer have a […]
Russia Data Localization Law: an Enigma
Posted by fgilbert on April 6th, 2015
Companies that do business in Russia or with Russia residents have been struggling to understand the Federal Law No. 242-FZ (“Data Localization Law”). The law, passed in July 2014, contains a series of amendments to Russian laws to “Specify the Procedure for Personal Data Processing by Information and Telecommunications Networks.” The need to understand the […]
Posted in International