As we previously reported, EU and US officials have reached an agreement to implement a program known as the EU-US Privacy Shield. The Privacy Shield is a successor to the US-EU Safe Harbor program, which was invalidated last year, and is the culmination of more than two years of
Over the course of the coming weeks, we will examine the various options available to companies in light of the European Court of Justice’s (CJEU) decision invalidating the US-EU Safe Harbor framework, including model contracts, binding corporate rules (BCRs), consent and reliance on derogations.
News out of Germany, however, indicates that a one-size-fits all approach to data transfers from the EU to the U.S. may be difficult to achieve.
A brief rundown of developments in recent weeks in the area of EU data protection law:
EU Data Protection Regulation
On Monday, June 15, the EU Council (comprised, for purposes of data protection reform, of the justice ministers from each of the EU member states) reached an agreement on a…
The US-EU Safe Harbor has been back in the news recently as Germany’s data protection commissioners met at the end of January and expressed impatience at the delay in implementing what many view as necessary reforms to the program. The European Court of Justice also recently heard a challenge to Facebook’s reliance on the Safe Harbor for the transfer of user data in what many see as an important test case; this lawsuit will be the topic of a future blog post.