Tag: European Commission

1
Post-Brexit data protection – where are we now?
2
EU-US Privacy Shield approved
3
European Data Protection Supervisor less than impressed with EU-US Privacy Shield
4
EU and U.S. Agree in Principle on New Trans-Atlantic Data-Transfer Agreement

Post-Brexit data protection – where are we now?

By Cameron Abbott and Michelle Aggromito

After years of political squabble and delays, Brexit day finally arrived on 31 January 2020. But what does it mean when we talk about the UK’s withdrawal from the EU and how will data protection regulation and compliance change?

There will be little change during the transition (also known as “implementation”) period that is expected to end on 31 December 2020. During this period, EU law will continue to apply in the UK, including the EU General Data Protection Regulation (GDPR), after which the GDPR will be converted into UK law.

Read More

EU-US Privacy Shield approved

By Cameron Abbott, Rob Pulham, Simon Ly and Rowena Baer

When the Safe Harbour arrangements were struck down the EU and US worked to create a replacement and flesh out the details of this new arrangement (see our last article on this issue here). We have all been somewhat nervously watching to see if the new ‘Privacy Shield’ would get final approval amid some criticism from some quarters. Good news, last Friday the EU member states on the Article 31 Committee voted to approve a revised Privacy Shield.

The new arrangement provides a welcome measure of certainty for businesses whose Trans-Atlantic data transfers have been left in legal limbo since the European Court of Justice declared the longstanding Safe Harbor Framework invalid in October 2015.

The European Commission has released a statement expressing their confidence in the adoption of the new Privacy Shield, noting that the new pact is “fundamentally different” from its predecessor. The new Privacy Shield imposes “clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice”.

International tech industry groups have also praised the move as a win for both consumers and businesses as the pact provides robust consumer privacy protections. Voicing their support of the Privacy Shield, Microsoft released a detailed blog post on how the Privacy Shield is progress for privacy rights, declaring that the regime is an “important achievement for the privacy rights of citizens across Europe, and for companies across all industries that rely on international data flows to run their businesses and serve their customers”.

Whilst we are still at the early stages, companies should begin assessing the Privacy Shield’s impact on their existing agreements and also more broadly their data strategy, keeping in mind that the regime relates only to EU-US data transfers. In particular, consideration should be given to the transitional arrangements in the Privacy Shield. Companies should also be aware of the potential challenges to this regime (and related issues post-Brexit) as there is concern about the shelf life of the Privacy Shield.

For more information, please see the EU’s page here and the US’s page here.

European Data Protection Supervisor less than impressed with EU-US Privacy Shield

By Cameron Abbott, Rob Pulham and Giles Whittaker

The EU-US Privacy Shield data-sharing agreement has come under scrutiny from the European Data Protection Supervisor Giovanni Buttarelli. Mr Buttarelli has expressed concerns that the Privacy Shield, which will outline how data (including personal information) should be handled in foreign jurisdictions, is “not robust enough to withstand future legal scrutiny”.

While Mr Buttarelli said he “appreciates” the efforts made to develop a solution to replace Safe Harbour, he emphasised that “significant improvements are needed should the European Commission wish to adopt an adequacy decision, to respect…the key data protection principles” which are afforded in Europe with particular regard to “necessity, proportionality and redress mechanisms”.

Giovanni Buttarelli’s statement regarding the Privacy Shield can be found here.

EU and U.S. Agree in Principle on New Trans-Atlantic Data-Transfer Agreement

By Cameron Abbott and Melanie Long

On 26 October 2015, European Commissioner Vera Jourová, announced that the European Union had agreed in principle with the US on a new trans-Atlantic data-transfer agreement. Commissioner Jourová made the announcement in a speech, before the Committee on Civil Liberties, Justice and Home Affairs, which addressed the recent judgment of the European Court of Justice that invalidated the safe harbour scheme between the two countries (Schemes decision). Commissioner Jourvá said, “there is agreement…in principle, but we are still discussing how to ensure that these commitments are binding enough to fully meet the requirements of the Court.” She also added that she expected both sides to make progress on the remaining technical points of discussion by mid-November, when she is scheduled to visit the US. The European Commission is also planning on issuing an explanatory Communication on the consequences of the Schemes decision so that businesses and industry have ‘clear explanations and a uniform interpretation of the ruling.’ The European Commission are also working towards a pending deadline set by European data protection authorities who have said that if, by the end of January 2016, no appropriate solution is found with the U.S. authorities, they will take all necessary and appropriate steps (including enforcement action) to enable data transfers to the U.S. that respect fundamental rights.

The European Commission’s press release can be found here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.