Initial Reaction of European Data Protection Regulators to Schrems 2.0 Judgment

Christopher FooJosephine JayLore LeitnerNikolaos TheodorakisChristopher OlsenCédric BurtonBy Christopher Foo, Josephine Jay, Lore Leitner, Nikolaos Theodorakis, Christopher Olsen, Cédric Burton and Alexandre Lépine on Posted in European Union, Privacy

Over the last few days, the European Data Protection Board (EDPB), the European Data Protection Supervisor (EDPS) and various Supervisory Authorities (SAs) across Europe issued statements addressing the decision of the European Court of Justice (ECJ) to invalidate the EU-U.S. Privacy Shield framework (Schrems 2.0). Below we summarize some of the main reactions.

The EDPB is working on a set of FAQs that will hopefully provide some level of clarification on key issues that companies now face. The EDPB is meeting on July 22 and 23, and we expect the FAQs to be published shortly thereafter. We will report on these FAQs as soon as they are issued. Continue Reading

ECJ Invalidates EU-U.S. Privacy Shield and Upholds the Standard Contractual Clauses

Jan DhontNikolaos TheodorakisBastiaan SuurmondBy Jan Dhont, Nikolaos Theodorakis and Bastiaan Suurmond on Posted in European Union, Privacy

On July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield framework (Privacy Shield) invalid. The ECJ upheld the EU Standard Contractual Clauses (SCCs), but ruled that companies must verify prior to any transfer using SCCs that the parties can effectively provide the level of protection required by EU law. Continue Reading

Liu v. SEC: Foreshadowing a Challenge to the FTC’s Disgorgement Authority

Christopher OlsenLibby WeingartenBy Christopher Olsen and Libby Weingarten on Posted in Privacy

In Liu v. Securities & Exchange Commission,1 the Supreme Court upheld, but circumscribed, the Securities and Exchange Commission’s (SEC’s) disgorgement authority by holding 8-1 that the SEC may seek disgorgement through its equitable relief power only if the award does not exceed a wrongdoer’s net profits and is awarded to victims. Although this decision is important in its own right, the Court’s underlying reasoning also has significant ramifications on a similar question regarding the Federal Trade Commission’s (FTC’s) power to obtain equitable monetary relief under 15 U.S.C. § 53(b) (Section 13(b) of the FTC Act). Continue Reading

FTC Announces Unusually Stringent Consent Order in Privacy Shield Case Settlement

Tracy ShapiroChristopher OlsenBy Tracy Shapiro and Christopher Olsen on Posted in Privacy

On June 30, 2020 the Federal Trade Commission (FTC) announced that it reached a settlement in its litigation against NTT Global Data Centers (formerly RagingWire Data Centers) over allegations that the company misled customers about its adherence to the EU-U.S. Privacy Shield framework.1 As part of the settlement, the cloud service provider is required to hire a third-party assessor to annually verify its compliance with the Privacy Shield if it chooses to participate in the framework.2 As noted by three commissioners, this order is “more protective of the Privacy Shield Principles than the 14 orders [the] Commission … has approved in prior Privacy Shield Cases.”3 Continue Reading

FTC Outlines Potential Changes to Enhance Privacy and Security Enforcement Efforts If Given More Resources

Christopher OlsenBrett WeinsteinBy Christopher Olsen and Brett Weinstein on Posted in Privacy

On June 19, 2020, the Federal Trade Commission (FTC) submitted to Congress two reports that Congress requested in connection with the spending bill that funds the FTC. One of these reports (the “Resources Report”) describes the resources used and needed by the FTC to protect consumer privacy and security, and the second (the “Authorities Report”) describes the FTC’s use of its existing authorities to protect consumer privacy and security. Continue Reading

CCPA Update: California Attorney General Submits Final Proposed Regulations to OAL

Tracy ShapiroEdward HolmanBy Tracy Shapiro and Edward Holman on Posted in Privacy

On June 2, 2020, the California Attorney General announced that it had submitted the final proposed regulations package for the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The OAL now has 30 working days, plus an additional 60 calendar days under COVID-19-related Executive Order N-40-20, to review the package for compliance with California’s Administrative Procedure Act (APA). If approved by the OAL, the final regulations will then be filed with the California Secretary of State and become enforceable. Continue Reading

LexBlog

We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree