Menu

PH Privacy

How Are Governments Reacting to the Invalidation of Privacy Shield?
Since the decision by the Court of Justice of the European Union (“CJEU”) to invalidate Privacy Shield and opine on the use of Standard Contractual Clauses ("SCCs"), we have been compiling and maintaining a list of the responses and reactions published by both data protection authorities across the EU and other regulators globally.
CCPA’s HR and B2B Carve-Outs Extended Until January 1, 2022
On August 31, 2020, the California legislature passed AB-1281, which extends the California Consumer Privacy Act’s human resources (employee/job applicant) and B2B communications carve-outs until January 1, 2022. Those two exclusions from the CCPA currently are set to expire in January 2021. The bill awaits the Governor’s signature.
The Battle Continues: 101 Complaints are Filed Against Companies Transferring Data to the United States
The dust hasn’t even settled since the Court of Justice of the European Union (“CJEU”) declared Privacy Shield invalid and called into question the use of the Standard Contractual Clauses (“SCCs”), but already Max Schrems and noyb have filed 101 complaints across EU member states regarding personal data transfers in contravention of the law and the recent CJEU decision.
CCPA Final Regulations: California Attorney General Announces Approved CCPA Regulations for Immediate Effect
On Aug. 14, California’s attorney general announced the Office of Administrative Law (OAL) approved the state Department of Justice’s regulations (Final Regulations) implementing the California Consumer Privacy Act (“CCPA”) and filed them with the Secretary of State. As previously requested by the Attorney General, the Final Regulations take effect immediately.
US-EU Joint Statement: Privacy Shield
On August 10, 2020, U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders released a joint press statement (“Statement”) addressing the recent Schrems II ruling from the Court of Justice of the European Union (the “CJEU”).
Practical Next Steps Following Invalidation of Privacy Shield
Following the decision last week by the Court of Justice of the European Union (CJEU) to invalidate the EU-U.S. Privacy Shield (further details on the decision can be read here), the question asked by many businesses has been: we transfer personal data to the U.S., what should we do now?
How Are Governments Reacting to the Invalidation of Privacy Shield?
Following the decision by the Court of Justice of the European Union (the "CJEU") on 16 July 2020 invalidating Privacy Shield and imposing potential constraints on the use of Standard Contractual Clauses ("SCCs") (more information on the decision itself can be read here), we are starting to see data protection authorities and other bodies across the EU, and globally, publicly discussing and commenting on the decision.
The Results Are in: Privacy Shield Has Been Declared Invalid but the SCCs Remain Valid
Following a decision from the Court of Justice of the European Union (the “CJEU”) today, it has now been confirmed that Commission Decision 2016/1250, also known as the EU-U.S. Privacy Shield Framework, is invalid as a mechanism for transferring personal data from the E.U. to the U.S. Conversely, the Court of Justice considers Commission Decision (2010/87/EU) on standard contractual clauses (“SCCs”) for the transfer of personal data to processors established in third countries to be valid.
The EDPB on Data Protection and COVID-19 in the EU
The European Data Protection Board (the EDPB) recently released two statements in quick succession relating to the effects of COVID-19 on data protection. The statements focused on: 1) interoperability of contact tracing apps; and 2) reopening of borders following the outbreak.
Proposed “California Privacy Rights Act” Explained (with Redline)
The California Privacy Rights Act (the “CPRA”) has enough signatures to qualify for inclusion in California’s November 2020 ballot. Though we still await the California AG’s final regulations on the CCPA, the CPRA would build upon the CCPA to impose additional requirements.
1 2 3 4 5 6 7 8 9 >