DPI16_Banner_300x250 WITH COPY

(Feb 9, 2016) As much of the privacy and technology world awaits the fate of the newly proposed EU-U.S. Privacy Shield, the clock is now ticking for Facebook to comply with France’s Data Protection Act. On Monday, after a multi-pronged investigation, French data protection authority CNIL sent a formal notice to the social networking giant that it was violating the nation’s privacy law and now has three months to get into compliance. The investigation was triggered by Facebook's March 2015 privacy policy upda... Read More

The Privacy Advisor

Obama establishes Federal Privacy Council as part of massive cyber effort

(Feb 9, 2016) As part of his 2017 budget proposal for the United States, President Barack Obama is including $19 billion for cybersecurity efforts, a 35-percent increase over fiscal year 2016. The funds will go toward a Cybersecurity National Action Plan, which includes the hiring of a chief information security officer, a $3.1 billion fund for IT modernization at the federal level, and, perhaps most importantly for privacy professionals, a new executive order establishing a permanent Federal Privacy Council,... Read More

The Privacy Advisor

UK won’t opt in to portion of GDPR

(Feb 5, 2016) In a statement posted to the U.K. Parliament website yesterday by Baroness Neville-Rolfe, the U.K. government has made it known that it will not choose to opt-in to Article 43a of the proposed General Data Protection Regulation. House of Lords member Neville-Rolfe is Parliamentary Under-Secretary for Department of Culture, Media and Sport, the department that now houses the Information Commissioner’s Office.  Article 43a is a “new” portion of the GDPR, added after the Commission’s initial draft... Read More

The Privacy Advisor

FTC, DoC answer Privacy Shield questions

(Feb 4, 2016) The U.S. Department of Commerce and FTC Commissioner Julie Brill provided new details about the EU-U.S. Privacy Shield late Wednesday afternoon and Thursday morning. The DoC, in an interactive Q&A, took to Twitter to answer questions on its role in the potential agreement, while Brill discussed the FTC’s role in a webcast interview with Information Technology and Innovation Foundation President Robert Atkinson. Specifically, Brill said the FTC won’t change the way it enforces privacy cases,... Read More

The Privacy Advisor

The Privacy Shield now faces an uphill battle

(Feb 4, 2016) On Tuesday, Vice-President Andrus Ansip and Commissioner Vera Jourová announced that the EU Commission had approved a political agreement on what will henceforth be known as the “EU-US Privacy Shield.” Over the coming weeks they will have to draft a fresh EU Commission adequacy decision to replace the previous “Safe Harbor” decision, which the Court of Justice of the European Union found invalid in Schrems. There is already speculation that the validity of this new decision will itself be challe... Read More

The Privacy Advisor

Top 10 operational impacts of the GDPR: Part 7 - Vendor Management

(Feb 4, 2016) The new General Data Protection Regulation (GDPR), put forth by the European Commission in 2012 and finally generally agreed upon by the European Parliament and Council in December 2015, is set to replace the Data Protection Directive 95/46/ec. Once the GDPR is formally adopted by the European Parliament and Council and printed in the Official Journal of the European Union sometime this spring, it will be directly applicable in each member state and lead to a greater degree of data protection ha... Read More

The Privacy Advisor, Westin Research Center

Podcast: Making Sense of the Privacy Shield

(Feb 3, 2016) On Tuesday, the European Commission and U.S. Department of Commerce jointly announced a new data-transfer framework, the EU-U.S. Privacy Shield, to replace the invalidated Safe Harbor agreement. The Privacy Shield includes a new Federal ombudsman to oversee intelligence access to EU citizen data, a multi-step complaint resolution mechanism for EU citizens, and a number of other new provisions. But what does it mean for European and American companies that just want to transfer data while complyi... Read More

The Privacy Advisor

How sturdy is the Privacy Shield?

(Feb 3, 2016) Is there anyone in Europe who doesn't work for @EU_Commission and has something positive to say about #PrivacyShield? Rigour people, rigour! — Eduardo Ustaran (@EUstaran) February 2, 2016 The EU Commission and the U.S. have agreed on a new framework for transatlantic data flows, igniting a flurry of #SafeHarbor tweets, many skeptical and some incredulous, and prompting every law firm that’s ever looked at a data protection case to send out a client alert. But the alerts were fairly v... Read More

The Privacy Advisor

EU DPAs respond to Privacy Shield; BCRs are a go, for now

(Feb 3, 2016) Though the future of transatlantic data transfers continues to hang in the balance, one more clue was offered Wednesday afternoon in Brussels, with official word from the EU’s collection of data protection authorities on their assessment of the newly proposed EU-U.S. Privacy Shield arrangement. The head of the Article 29 Working Party (WP29) said during a press conference that the group “welcomed” the agreement but needed further documentation to assess its legality. “It is still only words fro... Read More

The Privacy Advisor

Commission, Commerce announce new EU-US data transfer agreement

(Feb 2, 2016) After intense negotiations between senior EU and U.S. officials throughout the weekend and into this week, the European Commission announced Tuesday it has reached a new transatlantic data transfer agreement with the United States. The U.S. Department of Commerce later confirmed details in a conference call with reporters. Though not yet legally binding, the agreement would pave the way for a new accountable regime for data transfers, that both provides EU citizens with a right of redress, invo... Read More

The Privacy Advisor