On December 13, 2022, the European Commission (the “Commission”) released a draft adequacy decision for the EU-U.S. Data Privacy Framework (“Framework”). The draft decision proposes the Framework as a new transfer mechanism for EU-U.S. data flows...

Get ready for a wave of contract renegotiations and related compliance activities. The European Commission (“EC”) has published two sets of standard contractual clauses (“SCCs”) to address different aspects of the General Data Protection Regulation...

The Bavarian Data Protection Authority (DPA) declared that a German company’s transfer of email addresses to U.S.-based email service Mailchimp was unlawful in light of the 2020 “Schrems II” decision issued by the Court of Justice of the...

Per the European Data Protection Board’s (EDPB) draft recommendations on data transfers following the Schrems II decision, data exporters and importers must work together to determine whether the importer country’s law ensures an essentially equivalent level of...

The European Data Protection Board (“EDPB”) plans to release further guidance in the coming months on specific steps that companies can take to export personal data from the European Economic Area to locations in the...

While not outright eliminating the Swiss-U.S. Privacy Shield, the Swiss Data Protection Authority, the Federal Data Protection and Information Commissioner (FDPIC), announced in a position paper on September 8, 2020 that he no longer considers the Swiss-U.S....

This article was originally published in the IAPP Daily Dashboard on August 19, 2020. By invalidating the EU-U.S. Privacy Shield but not rejecting wholesale the use of standard contractual clauses to transfer data to the U.S., the...

Photo credit: nmann77 – stock.adobe.com. Today the Court of Justice of the European Union (“CJEU”) ruled that: The EU-U.S. Privacy Shield framework (“Privacy Shield”) is no longer a valid mechanism for exportation of personal data from the...