The future of EU-US data transfers

Last week I was interviewed by Laurie Clarke about the future of EU-US data transfers and what the US needs to do to make a new agreement a reality. Read “After a year of limbo a EU-US data privacy agreement still hangs in the balance” published in Tech Monitor, part of the New Statesman Media ...

Schrems II: One year later

Today marks the first anniversary of the CJEU’s “Schrems II” ruling which invalidated the European Commission’s Privacy Shield adequacy decision concerning the transfer of data to the US.   Despite an urgent need to reach a deal on transatlantic data flows for economic and geopolitical reasons, few if any concrete results have been seen to date. As stressed earlier this year by European Commissioner Didier Reynders and Věra Jourová, Vice President of ...

Would a US federal privacy law re-establish trusted EU-US data flows?

You might be aware that early last month US Congresswoman Suzan DelBene, Representing Washington's 1st District, introduced the Information Transparency and Personal Data Control Act – in her words “legislation that would create a national data privacy standard to protect our most personal information and bring our  laws into the 21st Century.”   Important aspects of the Information Transparency and Personal Data ...

Schrems II – No legal certainty and no quick fixes! It’s a geopolitical matter before it’s a legal one. “A NEW AGE OF DATA TRANSFERS” PART IV

I just attended today’s online LIBE meeting on possible solutions following the CJEU’s “Schrems II” decision, where it was recognized that the question of data transfers to third countries is fundamentally a geopolitical matter before being a legal one. In this way, legal certainty should be re-established as soon as possible – but such an achievement ...

Organizations are left with no practical legal grounds to transfer personal data to the United States. “A new age of data transfers” Part III

After the official statements of the European Data Protection Board (EDPB) and several Supervisory Authorities (SAs), it is clear that at the moment there is no practical way for data to lawfully flow from the EU to the US. The reasoning in 5 steps: On 16 July 2020 the Court of Justice of the European Union (CJEU) invalidated the European ...

Privacy Shield is invalid. Here’s what you need to do now. “A new age of data transfers” Part I

This blog is part of a multi-part series, “A new age of data transfers”, which will explore the practical implications of the Court of Justice of the European Union’s judgement in  Case C-311/18 “Schrems II”.  Following the invalidation of the Privacy Shield on 16 July 2020 by the Court of Justice of the European Union, the situation ...

Věra Jourová: SCCs to be modernised

In her intervention at the "The General Data Protection Regulation one year on: Taking stock in the EU and beyond" event held on 13 June 2019, Commissioner Věra Jourová discussed the state of the art of the GDPR, also with the aim of providing input to the next Commission who "will have to start working ...

Does Privacy Shield provide adequate protections?

On May 31st the Supreme Court of Ireland denied Facebook’s appeal to avoid referral of its recent case concerning the international transfer of personal data to the European Court of Justice.  You most likely remember the case brought forth by privacy activist and lawyer Max Schrems which questions whether the methods used by technology companies, and ...

The Case of Standard Contractual Clauses: The Irish Data Protection Commissioner & Max Schrems

“The supervisory authorities should have the power to prohibit or suspend a data transfer or a set of transfers based on the standard contractual clauses in those exceptional cases where it is established that a transfer on contractual basis is likely to have a substantial adverse effect on the warranties and obligations providing adequate protection ...

Changing the privacy game: Class action lawsuits

The decision of the Austrian Supreme Court on 12 September 2016 to refer the class action suit brought against Facebook by Privacy advocate Max Schrems to the European Court of Justice will have widespread consequences for both companies and consumers in Europe. Class actions on privacy-related matters represent a game changer for both consumers and businesses ...