Court of Justice of the European Union Invalidates the EU-U.S. Privacy Shield, Finds Standard Contractual Clauses Valid

The Court of Justice of the European Union (CJEU) in a surprise decision invalidated the U.S. Privacy Shield in a case called, Schrems II – a decision important to all companies doing business in the EU and collecting personal data about its residents. It found that the Standard Contractual Clauses (SCC) issued by the European Commission to support the lawful transfer of personal data to processors established outside of the EU are valid. At the same time, the Court unexpectedly invalidated the EU-U.S. Privacy Shield framework. This decision will require companies to re-examine their approach to transferring data between the U.S and the EU. Background In 2015 Max…

READ MORE

The Importance of Article 27: Identifying a Representative in Europe

The General Data Protection Regulation came into effect on May 25. In an effort to comply, companies of all sizes have been taking steps to meet requirements. Mapping data, appointing staff to lead data protection work in the organization, reviewing and updating security, developing data governance programs – businesses are investing time and resources to understand and meet GDPR expectations. What is often lost in this flurry of activity is an understanding of GDPR’s Article 27 – a provision that requires that companies that are not established in the EU, but that collect and process personal data about residents of the EU, appoint an EU-based representative. The EU…

READ MORE