On July 12, 2016, the EU Commission and the U.S. Secretary of Commerce announced the adoption of the EU-U.S. Privacy Shield (Privacy Shield). This announcement follows today’s adequacy decision by the College of EU Commissioners
Continue Reading The EU-U.S. Privacy Shield Is Adopted and Available as of August 1, 2016
The State of Tennessee recently amended its data breach notification statute, Tenn. Code Ann. § 47-18-2107, which is set to go into effect on July 1, 2016. Numerous commentators have proclaimed that the amendment1 marks a watershed moment—that with the enactment of S.B. 2005, Tennessee becomes the first state to eliminate the encryption safe harbor from its data breach notification statute. However, this is not the case; Tennessee has not removed its primary encryption safe harbor. Even under the amended Tennessee law, data encryption remains an important method for securing data, and one that may reduce notice obligations if a breach occurs.
S.B. 2005 makes three changes to the breach notification statute that may impact whether Tennessee’s notification law applies to a particular data breach situation, and when organizations must send notices to affected individuals.
Continue Reading Tennessee Updates Data Breach Notification Law
Two recent developments have significantly increased the already uncertain legal landscape surrounding transatlantic data flows.
Earlier today, the EU Parliament voted out a resolution calling on the European Commission (EU Commission) to further negotiate the
Continue Reading Uncertainty Increases Around EU-U.S. Data Flows
On April 13, 2016, the body of European Data Protection Authorities (DPAs)—the “Article 29 Working Party” (WP29)—issued its opinion on the new EU-U.S. Privacy Shield. The WP29 acknowledged that progress has been made with the
On February 29, 2016, the European Commission unveiled the text of the EU-U.S. Privacy Shield. The Privacy Shield is designed to replace the invalidated EU-U.S. Safe Harbor Framework and to provide a new legal framework
Continue Reading WSGR Alert: EU Commission Publishes EU-U.S. Privacy Shield
On December 15, 2015, the European Parliament and the Council of the European Union reached a political agreement on the text of the EU General Data Protection Regulation (GDPR).1 This is a major step toward the official adoption of the GDPR, which is now expected in Spring 2016. The GDPR will have a significant impact on how EU and non-EU businesses can collect and process the personal data of EU individuals. This article discusses the key elements of the GDPR.
Continue Reading EU Reaches Political Agreement on New Data Protection Regulation
On February 3, 2016, the body of European data protection regulators—the Article 29 Working Party (WP29)—issued a statement following the announcement of a political agreement regarding a new transatlantic data transfer scheme, the EU-U.S. Privacy
Continue Reading WSGR Alert: EU Data Protection Authorities Issue Statement Following Agreement on EU-U.S. Privacy Shield