On February 2, 2016, the European Commission announced that a political agreement on a new legal framework for data transfers has been reached between the European Union (EU) and the U.S. Today’s agreement introduces the
What’s Next for U.S.-EU Data Transfers? An Analysis of Recent Developments Following Schrems
On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the U.S.-EU Safe Harbor framework as a legal basis for transferring personal data from the European Union to the U.S.1 The judgment was delivered in Schrems v. Data Protection Commissioner, a case in which Max Schrems, an Austrian student, complained to the Data Protection Authority (DPA) in Ireland about the transfer of his personal data by Facebook to its servers in the U.S.
The Schrems judgment is of major importance to the over 4,000 companies that relied on Safe Harbor to transfer personal data from the EU to the U.S. This article details the background of the case, analyzes its holdings and consequences, and summarizes the main developments that have occurred since the judgment was issued.
Continue Reading What’s Next for U.S.-EU Data Transfers? An Analysis of Recent Developments Following Schrems
New EU Trends: Cybersecurity and Breach Notification
On June 29, 2015, the Council of the European Union (comprised of representatives of the 28 EU Member States) reached a political agreement with the European Parliament on the main principles of the draft Directive on Network and Information Security (NIS Directive) governing cybersecurity issues.1 The draft NIS Directive is an advanced piece of draft legislation in the EU that, once adopted, will likely concern a significant number of companies doing business in Europe.2 The final text is expected to be adopted sometime in late 2015, however the ultimate timing will depend on the political developments.
Continue Reading New EU Trends: Cybersecurity and Breach Notification