The European Data Protection Supervisor (“EDPS”) Giovanni Buttarelli issued a guidance document on data security and risk management for the E.U. institutions (such as the European Parliament, the European Council, and the Council of the European Union) on March 21, 2016. Although aimed at E.U. institutions, the document may nonetheless become a source of guidance […]
EU Data Protection
A Brief Overview of the Privacy Shield
A one page summary is now available to help U.S. organizations initially evaluate whether the Privacy Shield represents a viable mechanism to legitimize their transfer of personal data from the European union. The summary lists the key features and requirements of the Privacy Shield, some of which were contained in the now-invalidated EU-U.S. Safe Harbor Framework, […]
WP 29 Issues Statement on EU-U.S. Privacy Shield
On the same day that the European Commission debuted the EU-U.S. Privacy Shield, the Article 29 Working Party (WP29) issued a statement welcoming the publication of the draft “adequacy decision” of the European Commission as well as the legal texts that constitute the Privacy Shield arrangement. In accordance with its mission, WP29 said that it would […]
Article 29 Working Party announces its 2016 Action Plan for GDPR Preparedness
During a press conference held on February 3, 2016, the President of the Article 29 Working Party (“Working Party”) discussed the Working Party’s 2016 action plan concerning the new General Data Protection Regulation (“GDPR”). The action plan lays out the groundwork required to prepare the DPAs for their new role under the GDPR and to […]
Germany’s Christmas Present: Data-Protection Class Actions
Following the European Court of Justice’s Schrems decision invalidating the Safe Harbor mechanism, much attention has focused on how the Data Protection Authorities (DPAs) of EU member states would interpret and enforce Schrems. While close attention to DPA activity is important—and will become even more so upon the passage of the EU General Data Protection […]