On July 16, 2020 the European Court of Justice (ECJ) issued an epochal decision (judgment in case C-311/18 Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems): not only was the Privacy Shield wiped out (the Decision on the adequacy of the protection provided by the EU-US Data Protection Shield was invalidated) but the ECJ, […]
On June 14, 2019, the FTC reached a settlement with SecurTest, Inc., a background screening company over allegations that it falsely claimed to be a participant in the EU-U.S. Privacy Shield program. This is the result of the FTC taking action against false claims of participating to the EU-US Privacy Shield Framework. See here. […]
Tags: DATA PROTECTION
In August, the FTC took action against false claims of participating to the EU-US Privacy Shield Framework. These are the first cases addressing the Privacy Shield Framework introduced on July 12, 2016. Allegedly, the companies under investigation started the application for the EU-U.S. Privacy Shield but never completed it; yet they falsely claimed to be […]
On October 18, 2017, the EU Commission published its report on the first annual review of the EU-U.S. Privacy Shield. The report reflects the Commission’s findings on the implementation and enforcement of the EU-U.S. Privacy Shield framework in its first year of operation. According to the EU Commission, the Privacy Shield “continues to ensure an […]
When a US organization decides to self-certify under the EU-U.S. Privacy Shield, compliance with Privacy Shield principles becomes compulsory. This may be a problem for many US organizations because certain processing activities that they perform – which are perfectly lawful under American law — are unlawful under a Privacy Shield’s perspective. Why? And what to do? Let’s step […]
When a US organization decides to self-certify under the EU-U.S. Privacy Shield, compliance with Privacy Shield principles becomes compulsory. This may be a problem for many US organizations because certain processing activities that they perform – which are perfectly lawful under American law — are unlawful under a Privacy Shield’s perspective. Why? And what to do? Let’s step […]
On January 12, 2017, Switzerland approved the Swiss-U.S. Privacy Shield Framework. Switzerland considers the agreement as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The Swiss-U.S. Privacy Shield Framework will replace the U.S.-Swiss Safe Harbor immediately. Switzerland will begin accepting Privacy Shield certifications starting […]
As of mid December 2016, around 1300 companies were active under the EU-US Privacy Shield, according to the US Department of Commerce official website. The Privacy Shield Framework has now been effective for almost 4 months and it replaced the Safe Harbor, which had around 5,500 participants by 2016. The US Department of Commerce, International Trade Administration (ITA), […]
On October 27, 2016, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) authorized the transfer of personal data to the U.S. according to the EU-US Privacy Shield. With its decision, the Italian DPA has aligned itself with to the European Commission’s decision of adequacy, which recognized the Privacy Shield as granting an adequate […]
On July 26, 2016, the Article 29 Working Party (WP29) released a statement on the decision of the European Commission on the EU-U.S. Privacy Shield. The statement refers to the Privacy Shield approved by the European Commission on July 12, 2016 (see here) and addresses the changes brought to the text of the document after […]