On Wednesday, the EU’s Article 29 Working Party issued its much-anticipated statement on the viability of the proposed EU-US Privacy Shield. As we’ve detailed previously, EU and US officials reached agreement on the Privacy Shield arrangement, which was meant to serve as a replacement for the invalidated Safe Harbor program, back in February, and released details of the Privacy Shield scheme a few weeks later. Observers then began eagerly awaiting the Article 29 Working Party’s opinion on the Privacy Shield, because even though the group’s opinion is not binding on the European Commission – which is responsible for shepherding the Privacy Shield through the approval and adoption process – it nevertheless may prove influential as that process moves forward.

After a decade of winding its way through the legislative process, Turkey’s new Data Protection Law entered into force on April 7.  Although Turkey previously had a few sectoral data protection laws on the books, this is the first time the country has had an omnibus data protection law.  Although details remain somewhat scant at this point, this new law deserves the attention of any company that conducts business in Turkey or collects the personal data of customers, employees, or other individuals located in Turkey.

The recently released Carlton Fields 2016 Class Action Survey reports that class actions are up for the first time in four years. While data privacy class actions still make up a relatively small portion of class action filings, their growth is expected to continue.

As class actions increase, arbitration clauses remain a popular first line of defense. The Carlton Survey reported that nearly 50 percent of companies employ arbitration clauses that address class actions.  Still, enforcing such arbitration clauses often generates mini-litigations in their own right.  Two recent decisions from the Fourth Circuit are of interest in this regard.

Co-authored by Geoffrey Roche

On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.

As we previously reported, EU and US officials have reached an agreement to implement a program known as the EU-US Privacy Shield.  The Privacy Shield is a successor to the US-EU Safe Harbor program, which was invalidated last year, and is the culmination of more than two years of

The Federal Communication Commission’s (the “FCC”) landmark decision last year to reclassify Internet service providers (“ISPs”) as common carriers under Title II of the Communications Act of 1934 implicates policy issues that extend well beyond net neutrality.  Perhaps chief among them is the treatment of customer proprietary network information (“CPNI”) by broadband access providers.  The CPNI rules, which were adopted as part of the Telecommunications Act of 1996, were originally implemented to facilitate competition in the context of a landline telephone network, rather than address privacy concerns for broadband providers.  Yet as part of the FCC’s Open Internet Order (which is currently under legal challenge), these rules apply to broadband as well.