They State That Direct Collection of Personal Data by Non-EU Companies Is Not a “Data Transfer” Under the GDPR On November 18, 2021, the European Data Protection Board (EDPB) issued guidelines (Guidelines) that—for the first time—clarify the notion of “data transfer.” Departing from common understanding, the EDPB has determined that there is no data transfer … Continue Reading
On October 18, 2017, the European Commission (EU Commission) published its report on the first annual review of the EU-U.S. Privacy Shield Framework (Privacy Shield). The EU Commission confirms that the Privacy Shield ensures an adequate level of protection for EU personal data that is transferred to the U.S., but calls on the U.S. government … Continue Reading
Two recent developments have significantly increased the already uncertain legal landscape surrounding transatlantic data flows. Earlier today, the EU Parliament voted out a resolution calling on the European Commission (EU Commission) to further negotiate the terms of the EU-U.S. Privacy Shield (Privacy Shield). And yesterday, the Irish Data Protection Commissioner (DPC) announced the launch of … Continue Reading
On February 29, 2016, the European Commission unveiled the text of the EU-U.S. Privacy Shield. The Privacy Shield is designed to replace the invalidated EU-U.S. Safe Harbor Framework and to provide a new legal framework for data transfers from the EU to the U.S. Although the Privacy Shield is based on the same principles as … Continue Reading
On February 2, 2016, the European Commission announced that a political agreement on a new legal framework for data transfers has been reached between the European Union (EU) and the U.S. Today’s agreement introduces the new “EU-U.S. Privacy Shield.” Although the details of the new agreement have not yet been released, this is a crucial … Continue Reading
On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the U.S.-EU Safe Harbor framework as a legal basis for transferring personal data from the European Union to the U.S.1 The judgment was delivered in Schrems v. Data Protection Commissioner, a case in which Max Schrems, an Austrian student, complained to … Continue Reading