Problems for model clauses and Privacy Shield as MEPs and regulators flex their muscles

John Leonard, Computing,  Saturday, May 28, 2016

odel contract clauses, the data transfer mechanism deployed by multinational companies like Facebook, Amazon and Google to ship personal data from the EU to the US as an alternative to the now-defunct Safe Harbour framework, look to be in trouble. Irish data protection authorities have warned that model contract clauses are potentially in breach of EU regulations. The Irish Data Protection Commissioner (IDPC) has suggested that the European Court of Justice (ECJ), the same body that invalidated Safe Harbour, should look into the matter.

U.S. Official: Data Transfer Agreements Don’t Have to Follow EU Model

Stephen Dockery, Wall Street Journal,  Thursday, May 26, 2016

The U.S. is promoting the Asia-Pacific Economic Cooperation data transfer agreement as an alternative to the powerful European Union model that is causing American regulators such headaches, a Department of Commerce official said Tuesday. Announced in 2011, APEC’s cross-border privacy rules offer a standard template for data transfers in the organization’s 21 member countries.

Article 31 to settle Shield's fate after Parliament says it needs more work

Jennifer Baker, IAPP Privacy Tracker,  Thursday, May 26, 2016

The fate of Privacy Shield will hang in the balance until at least June 20 as national representatives remain in talks. The Privacy Advisor has learned the Article 31 committee has scheduled at least two further meetings to discuss Privacy Shield after it failed to reach an agreement last week, sources confirmed.

European Privacy Case Adds New Threat to Data Flowing to U.S.

Sam Schechner, Wall Street Journal,  Wednesday, May 25, 2016

One of the last legal methods that companies have to store Europeans’ data—everything from Swedish salary files to Spanish selfies—on servers in the U.S. was thrust deeper into limbo Wednesday when a privacy regulator said it would ask Europe’s top court to review its legality. The Irish Data Protection Commissioner’s office said it plans to ask the European Union’s Court of Justice to review backup contractual language that Facebook Inc. and thousands of other companies use to justify sending personal information about Europeans to the United States. The same court last year invalidated the main legal framework the companies had used to do so.

U.S. Privacy Safe Harbor—More Myths and Facts

Lothar Determann, Bloomberg BNA,  Wednesday, May 25, 2016

Since Oct. 6, national data protection authorities in the EEA rushed to issue inconsistent and unclear guidance to local companies that do business with the U.S. Chaos ensued and numerous myths were added to ones that had previously surrounded the Safe Harbor Program:

Half of EU members sidle up to EC: About the data-sharing rules. C'mon. Chill out

Alexander J Martin, The Register,  Monday, May 23, 2016

Ministers from half of the European Union's 28 member states have signed a letter asking the EU Commission to drop its “barriers to the free flow of data”. The letter was sent to the EU's digitally focused folk ahead of Wednesday, when the commission will publish the findings of its inquiry into online platforms (“search engines, social media, knowledge and video sharing websites, app stores, etc.”) which took place after the publication of the EU's Digital Single Market Strategy last year. Essentially something of a cry against the EU's data protection legislation, the letter is signed by ministers from Belgium, Bulgaria, Czech Republic, Denmark, Estonia, Finland, Great Britain, Ireland, Latvia, Luxembourg, Lithuania, Poland, Slovenia and Sweden.

How to handle the new US-EU data regulations

Jamie Carter, Tech Radar,  Monday, May 23, 2016

After a long wait while bureaucrats worked out the details of new EU data protection law, the European General Data Protection Regulation (GDPR) is here – or at least, it will be in two years. In the wake of Safe Harbour and Privacy Shield, the latest data sharing agreement between the EU and the United States, the GDPR affects all businesses processing personal data, but how?

Views on Global Surveillance Laws From Lothar Determann of Baker & McKenzie

George Lynch, Bloomberg BNA,  Monday, May 23, 2016

The proliferation of surveillance laws around the world have placed multinational companies between the demands of privacy-conscious consumers and increasing data access requests from governments, leaving them to figure out how to comply. Bloomberg BNA Privacy & Data Security News Senior Legal Editor George R. Lynch posed a series of questions to Lothar Determann, a partner in the Global Privacy & Information Management Working Group at Baker & McKenzie LLP in Palo Alto, Calif. on global surveillance laws and how multinational companies should navigate the maze.

Shields Up!: Getting Ready for the Privacy Shield

Lewis Barr, Janrain,  Thursday, May 19, 2016

In the wake of last year’s European Court of Justice’s ruling invalidating the Safe Harbor framework, EU adoption of the Privacy Shield framework is still on schedule for June despite criticisms of the framework from both sides of the pond. This means if your organization intends to rely on the framework as a means of legitimizing personal data transferred from the EU to the US, there is no time like the present to take the necessary actions that will allow you to raise the shield soon after its adoption. If you need extra motivation to roll up your sleeves now, the framework gives organizations a nine-month grace period to bring third party contracts into compliance if they certify their adherence to the Privacy Shield Principles (“Principles”) within two months of their adoption.

Privacy shield rejection highlights need for proactive corporate privacy approach

Joanna Belbey, TechCrunch,  Wednesday, May 18, 2016

Though no revisions are imminent for the EU/US Privacy Shield, the rejection should signal to companies they must re-think privacy. Across industries ranging from banking and financial services to retail and e-commerce, competitive advantage and market share will be won and lost depending on an organization’s ability to exhibit how they protect customer data, as well as partner, employee and corporate information.