Archives: Cross-Border Transfers

Subscribe to Cross-Border Transfers RSS Feed

Cross-Border Considerations for Protecting IP Developed by Employees and Independent Contractors

Is your startup considering hiring software developers in a foreign country to work on the latest version of your app?  Is your company considering acquiring an entity with employees who have developed intellectual property (“IP”) in non-U.S. jurisdictions?  From hiring independent contractors or employees (each may be referred to in this post as “Contributors”) to … Continue Reading

Blog Post: Swiss-US Privacy Shield Adopted, Aligns with EU-US Privacy Shield

Written by Michelle Anderson The Department of Commerce International Trade Administration and Swiss Federal Council announced on January 11, 2017, the creation of a Swiss-US Privacy Shield framework that will “apply the same conditions as the European Union” under the EU-US Privacy Shield framework. This is welcome news for companies that transfer personal data from … Continue Reading


On February 29, 2016, the Department of Commerce and European Commission released the details of the new US-EU Privacy Shield program, intended to replace the now defunct US-EU Safe Harbor program. According to the materials released, the new program includes an expanded set of privacy principles, increased operational vetting to be conducted by the Commerce … Continue Reading


EU Justice Commissioner Vera Jourová and her colleague Andius Ansip gave a press conference this afternoon (local time) announcing that the long-running negotiations between the EU and US to find a replacement to the invalidated Safe Harbor program have reached a successful conclusion. The US Department of Commerce gave a subsequent briefing about the agreement … Continue Reading

Safe Harbor: European Commission issues guidance to clarify the EU-US data transfer conundrum

On 6 November 2015, the European Commission issued guidance in the form of a Communication on the transfer of personal data from the EU to the US following the Schrems Judgment at the beginning of October (for information on the Judgment, see DLA Piper’s Privacy Matters blog post).… Continue Reading

EUROPE – UNITED STATES: 10 practical proposals for bridging the US-EU data privacy ocean

Nineteen renowned privacy experts from the US and the EU, amongst them DLA Piper’s Patrick Van Eecke, have developed ten practical proposals to increase the transatlantic level of protection of personal data. Most proposals can be implemented within existing different legal systems and are applicable worldwide. It concerns pragmatic bridges that benefit people, companies, governments … Continue Reading

BREAKING NEWS – SAFE HARBOR: G29 Issues its First Statement on Schrems

Calling on Member States and EU institutions to open discussions with US authorities in order to find political, legal and technical solutions to transfer data to the US, the G29 states that Model Clauses and BCRs can be used while G29 is analyzing transfer mechanisms; enforcement may begin in February 2016. On October 16, 2015, … Continue Reading

AUSTRIA: Update by the DPA regarding Model Clauses and BCR after the Safe Harbor judgement

Written by Stefan Panic Further to its initial public statement regarding the ECJ Safe Harbor judgement, the Austrian DPA has released an update, clarifying its position that, for the time being, the Austrian DPA will accept EU Model Clauses or Binding Corporate Rules as basis for transfers of personal data to the USA. Wheras the … Continue Reading

FTC Signs Memorandum of Understanding with Dutch Authority on Privacy Enforcement Cooperation

On March 9, 2015, the Federal  Trade Commission (FTC) announced that it executed a Memorandum of Understanding on privacy enforcement cooperation with the Dutch Data Protection Authority. In executing the MOU, the FTC noted that it increasingly seeks the assistance of international privacy authorities in its efforts to protect consumer privacy. In the MOU, the parties … Continue Reading

“Toubon Law” 20 Years On: The Cyber Economy and France’s Law on the Mandatory Use of the French Language

Written by: Carol Umhoefer; Farid Bouguettaya; and Maruschka Graham In 1994, France implemented a law, known as the “Toubon Law” after France’s then-minister of Culture, Jacques Toubon, to preserve the French language, protect French consumers and promote French culture. At the time, the world wide web and the cyber economy were nascent; online marketplaces were … Continue Reading

Hong Kong Privacy Commissioner Issues Guidelines re Cross-Border Data Transfers

Although the restrictions for transfer of personal data outside of Hong Kong set out in section 33 of the Personal Data (Privacy) Ordinance (the Ordinance) are currently not yet in force, on December 29, the Hong Kong Privacy Commissioner for Personal Data (PCPD) published a Guidance on Personal Data Protection in Cross-border Data Transfer (the … Continue Reading

EU – International data transfers from processors to processors made easier, good news for cloud providers and outsourcers

By Patrick Van Eecke and Elisabeth Verbrugge Working Party 29 issued a working document on model clauses for personal data transfers from EU data processors to non-EU sub-processors. This is an important step towards creating a more comprehensive framework for contract-based personal data transfers outside the EEA. European data protection laws in principle prohibit the … Continue Reading

Bill of law on Internet-related matters is voted in Brazil

Written by Adriano Chaves  and Maria Paula Souza, Campos Mello Advogados law firm (Brazil)* The so-called “Marco Civil da Internet” (i.e. the Bill of Law 2,126/2011, which establishes a civil rights framework for the Internet) was voted and approved by the Brazilian House of Representatives (Câmara dos Deputados) this week. Now it will be submitted … Continue Reading

DLA Launches New Edition of Data Protection Laws of the World Handbook

DLA Piper’s Data Protection & Privacy group are delighted to announce the launch of the third edition of the Data Protection Laws of the World Handbook – a great way to celebrate Data Protection Day! This edition is particularly exciting as it is available via our new online site, which has a number of new … Continue Reading


By Aline Doussin, DLA Piper London On Sunday 24 November, the Islamic Republic of Iran and the member-states of the Group 5+1 (the five permanent UN Security Council members plus Germany) struck an historic deal providing Iran with approximately $7 billion in relief from international sanctions in exchange for Iranian curbs on uranium enrichment and other nuclear activity. While this agreement is … Continue Reading

EU Member State Leaders Vote to Delay Adoption of New Data Protection Framework

Yesterday, at the European Council summit in Brussels, leaders from the 28 EU member states agreed to push back the deadline for the adoption of the new EU data protection framework, agreeing that the deadline should be in 2015, rather than the May 2014 deadline that the European Parliament and European Commission had set out. … Continue Reading


Written by: Emma Thomas The EU Parliament’s Civil Liberties Committee (LIBE) has approved a compromise set of amendments to the EU Data Protection Regulation that moves the Parliament’s position to the left, giving consumers more individual control over their personal information. Two earlier proposals, from the European Commission and the EU Council of Ministers, were … Continue Reading


Written by Alec Christie and Reyhaneh Saadati The Office of the Australian Privacy Commissioner has released its new Guide to Information Security: Reasonable Steps to Protect Personal Information. The Guide aims to assist Australian businesses and those carrying on business in Australia to “take reasonable steps” to protect the personal information they hold in light … Continue Reading


The Privacy Commission recently updated its recommendation n°4/2009 on direct marketing with a new recommendation (n°02/2013), in order to align its views with recent changes in the legal landscape. The new recommendation for instance now clearly refers to the use of cookies in a direct marketing context, stating that the explicit consent of the recipient … Continue Reading

Europe weighs in on mobile app privacy

The Article 29 Working Party – the data protection working group for the European Union which is composed of representatives from the European Commission and the data protection authorities of EU member states – recently released it Opinion 2/2013 on smart devices and mobile apps.  According to the Opinion, app developers are subject to some … Continue Reading


DLA Piper has published the second edition of its Data Protection Laws of the World reference guide, expanding the handbook’s scope to cover 12 key features of the privacy laws of 63 countries that affect our clients. Data Protection Laws of the World is searchable by country and by subject matter. View or download the handbook here.… Continue Reading

Saudi Arabia’s telecoms market opens up for competition

What has happened? The telecoms regulator in the Kingdom of Saudi Arabia (KSA) has set a deadline of 4 May 2013 for companies to submit applications for three mobile virtual network operator (MVNO) licenses in the KSA, as the market opens up for further competition. The winners of the licenses will be announced twelve weeks … Continue Reading

Ukraine: Changes in personal data protection legislation

Written By:  Natalia Pakhomovska and Galyna Zagorodniuk Upon coming into effect on 20 December 2012, the changes to the Law of Ukraine “On protection of personal data” (the Law) have simplified procedures of personal data processing in Ukraine. These changes released the owners of personal data from necessity of adherence to numerous ‘impracticable’ procedures in the process of … Continue Reading

European Parliament Seeks to Broaden the Scope of the Draft Data Protection Regulation and Strengthen its Application

DLA Piper lawyers had the opportunity to review the European Parliament draft report on the Data Protection Regulation proposal that will be presented by Rapporteur Albrecht to the European Parliament on 10 January 2013. The proposed legislative changes  would impose significant additional requirements on entities that collect data about EU residents, including, notably, entities located outside … Continue Reading