Archives: European Union

Subscribe to European Union RSS Feed

EU-U.S. Privacy Shield Passes First Annual Review

On October 18, 2017, the European Commission (EU Commission) published its report on the first annual review of the EU-U.S. Privacy Shield Framework (Privacy Shield). The EU Commission confirms that the Privacy Shield ensures an adequate level of protection for EU personal data that is transferred to the U.S., but calls on the U.S. government … Continue Reading

European Court of Justice to Rule on Validity of Standard Contractual Clauses

On October 3, 2017, the High Court of Ireland issued its decision in Data Protection Commissioner vs Facebook and Schrems concerning the validity of the EU Standard Contractual Clauses (SCCs)—a mechanism used by a very large number of companies to transfer personal data outside of the European Union. The Irish High Court referred this question to … Continue Reading

Status Update on the EU e-Privacy Regulation Proposal Discussions

On January 10, 2017, the European Commission published a Proposal for a Regulation (Proposal) relating to privacy rules for the electronic communications sector. The Proposal will impose new, more rigorous privacy regulatory obligations on nearly all companies doing business in the EU over the Internet. It will address a host of important issues including the … Continue Reading

New EU e-Privacy Regulation: European Parliament Committee Publishes Draft Report

The EU Parliament Committee in charge of reviewing the EU Commission’s Proposal for an e-Privacy Regulation (Proposal) recently released a Draft Report proposing amendments to the regulation. The e-Privacy Regulation will regulate new electronic communication services such as instant messaging, VOIP services, web-based email, and IoT devices, and will impose significant additional obligations on Internet … Continue Reading

EU Commission Publishes Proposal for e-Privacy Regulation: The Top Nine Key Points You Need to Know

On January 10, 2017, the European Commission published a Proposal for a Regulation  that if adopted would have significant and far-reaching implications for Internet-based services and technologies. The proposal seeks to revise the current EU ePrivacy Directive. It creates strict new rules regarding confidentiality of electronic communications, including content and metadata. In addition, the proposal … Continue Reading

Article 29 Working Party Issues Statement Following Adoption of EU-U.S. Privacy Shield

On July 26, 2016, the body of European Data Protection Authorities (DPAs)—the “Article 29 Working Party” (WP29)—issued a statement commending the improvements made to the EU-U.S. Privacy Shield (Privacy Shield). Although the WP29 continues to have some of the concerns raised in its April 2016 opinion, and the Privacy Shield will most likely face legal … Continue Reading

The EU-U.S. Privacy Shield Is Adopted and Available as of August 1, 2016

On July 12, 2016, the EU Commission and the U.S. Secretary of Commerce announced the adoption of the EU-U.S. Privacy Shield (Privacy Shield). This announcement follows today’s adequacy decision by the College of EU Commissioners which recognizes that the Privacy Shield provides an adequate level of protection under EU data protection law. The adequacy decision … Continue Reading

EU Cyber Security and Incident Notification Rules Enacted

On July 6, 2016, the European Parliament adopted the first-ever pan-European law on cyber security. The law, entitled the “Directive on the Security of Network and Information Systems” (NIS Directive), imposes security requirements and security incident notification obligations on digital service providers and operators of essential services. The NIS Directive was enacted as part of … Continue Reading

Uncertainty Increases Around EU-U.S. Data Flows

Two recent developments have significantly increased the already uncertain legal landscape surrounding transatlantic data flows. Earlier today, the EU Parliament voted out a resolution calling on the European Commission (EU Commission) to further negotiate the terms of the EU-U.S. Privacy Shield (Privacy Shield). And yesterday, the Irish Data Protection Commissioner (DPC) announced the launch of … Continue Reading

WSGR Alert: New EU Data Protection Regulation Is Now Enacted

On April 14, 2016, the European Parliament formally adopted the General Data Protection Regulation (GDPR). With this vote, the new EU data protection legal framework will become legally effective in two years and 20 days from its publication in the EU Official Journal (expected in May 2016). By May 2018, companies will have to comply … Continue Reading

WSGR Alert: Article 29 Working Party Calls for Improvements to the EU-U.S. Privacy Shield

On April 13, 2016, the body of European Data Protection Authorities (DPAs)—the “Article 29 Working Party” (WP29)—issued its opinion on the new EU-U.S. Privacy Shield. The WP29 acknowledged that progress has been made with the Privacy Shield, but called for several significant changes to the shield before it can be found to provide protection that … Continue Reading

WSGR Alert: EU Commission Publishes EU-U.S. Privacy Shield

On February 29, 2016, the European Commission unveiled the text of the EU-U.S. Privacy Shield. The Privacy Shield is designed to replace the invalidated EU-U.S. Safe Harbor Framework and to provide a new legal framework for data transfers from the EU to the U.S. Although the Privacy Shield is based on the same principles as … Continue Reading

EU Reaches Political Agreement on New Data Protection Regulation

On December 15, 2015, the European Parliament and the Council of the European Union reached a political agreement on the text of the EU General Data Protection Regulation (GDPR).1 This is a major step toward the official adoption of the GDPR, which is now expected in Spring 2016. The GDPR will have a significant impact … Continue Reading

The FCC’s Open Internet Order and the EU’s Network Neutrality Regulation: A Comparison and Key Takeaways for Players in the Telecommunications Sector

The Internet has transformed the ways that we access, consume, and use information. For years, debates have raged in both the United States and Europe over so-called “network neutrality”—the extent to which the government should require entities that provide Internet access services to treat the content that they transmit equally. In the past several months, … Continue Reading

EU Agrees to New Cybersecurity and Incident Notification Rules

The European Union will soon have its own first-ever cybersecurity rules, which will impact a broad range of industries, such as transportation, energy, and online marketplaces. On December 7, 2015, the European Parliament and the Council of the European Union, which is comprised of representatives of the 28 EU countries, reached a political agreement on … Continue Reading

WSGR Alert: EU Data Protection Authorities Issue Statement Following Agreement on EU-U.S. Privacy Shield

On February 3, 2016, the body of European data protection regulators—the Article 29 Working Party (WP29)—issued a statement following the announcement of a political agreement regarding a new transatlantic data transfer scheme, the EU-U.S. Privacy Shield. This is the second guidance document issued by the WP29 following the invalidation of the EU-U.S. Safe Harbor Framework … Continue Reading

WSGR Alert: EU and U.S. Reach a Political Agreement on Transatlantic Data Transfer Deal

On February 2, 2016, the European Commission announced that a political agreement on a new legal framework for data transfers has been reached between the European Union (EU) and the U.S. Today’s agreement introduces the new “EU-U.S. Privacy Shield.” Although the details of the new agreement have not yet been released, this is a crucial … Continue Reading

What’s Next for U.S.-EU Data Transfers? An Analysis of Recent Developments Following Schrems

On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the U.S.-EU Safe Harbor framework as a legal basis for transferring personal data from the European Union to the U.S.1 The judgment was delivered in Schrems v. Data Protection Commissioner, a case in which Max Schrems, an Austrian student, complained to … Continue Reading

Landmark Decision Clarifies Territorial Scope of Application of National Data Protection Laws in the EU

On October 1, 2015, the Court of Justice of the European Union (CJEU), which is the EU’s highest court, delivered its judgment in Case C-230/14—Weltimmo.1 The CJEU ruling is a landmark decision in determining the territorial scope of application of national data protection laws and the competence of national Data Protection Authorities (DPAs) in the … Continue Reading

Technical Standards Open New Avenue to EU Data Protection Compliance

Historically, businesses have called for greater connection between the legal requirements of European data protection law and the requirements of information technology standards. The new International Organization for Standardization (ISO) standard for securely processing personal information in cloud computing environments, ISO 27018, could be a significant and major first step toward creating technical standards that … Continue Reading

Personal Data, Anonymization, and Pseudonymization in the EU

De-identification techniques are often at the forefront of companies’ concerns when it comes to the processing of big data. In addition, anonymization and pseudonymization techniques have been a heavily debated topic in the ongoing reform of EU data protection law. This makes last year’s Article 29 Working Party (WP29) Opinion on Anonymization Techniques1 even more … Continue Reading

New EU Trends: Cybersecurity and Breach Notification

On June 29, 2015, the Council of the European Union (comprised of representatives of the 28 EU Member States) reached a political agreement with the European Parliament on the main principles of the draft Directive on Network and Information Security (NIS Directive) governing cybersecurity issues.1 The draft NIS Directive is an advanced piece of draft … Continue Reading
LexBlog