Archives: EU Data Protection

Subscribe to EU Data Protection RSS Feed

Final Privacy Shield: How it Changed and What It Means for Businesses

On August 1st, the U.S. Department of Commerce will begin accepting applications for Privacy Shield certifications. For US organizations collecting employee and customer data from the EU, the past year has been an anxious one, as the European Court of Justice invalidated the EU-US Safe Harbor program in October 2015 and the terms of a … Continue Reading

Data Protection Working Party Announces decision to reject EU-US Privacy Shield

Written by Sydney White On April 13, the Article 29 Data Protection Working Party announced a decision to reject the EU-US Privacy Shield agreement as drafted and requested changes based upon the following concerns, on which we provide some initial analysis. The Privacy Shield lacks clarity due to its format (the European Commission adequacy decision … Continue Reading

EUROPE – US: EU Data Protection Authorities voice strong concerns about Privacy Shield

EU Data Protection Authorities demand improvements before EU – US transfer mechanism will be approved. The Article 29 Working Party (“WP29“), which comprises the national data protection authorities of the EU member states, issued a statement on Wednesday strongly criticizing the draft “EU – US Privacy Shield” proposal. Privacy Shield is intended to be the … Continue Reading

EUROPE: The Applicability Of EU Data Protection Laws To Non-EU Businesses

Written by Carol Umhoefer ( and Caroline Chancé ( This article first appeared in E-Commerce Law and Policy – volume 18 issue 03 (March 2016). On December 16, 2015, the Article 29 Data Protection Working Party (“WP29″) updated their Opinion 8/2010[1] on applicable law in light of the landmark decision Costeja v. Google[2] rendered by … Continue Reading

MATERIALS NOW AVAILABLE ON DEMAND – From Safe Harbor to Privacy Shield: What Now?

We are pleased to offer materials from our March 7 webinar. The EU announced last month that the negotiations to create a new framework permitting data transfers between Europe and the US have concluded, and the new framework has been agreed. The Privacy Shield text and supporting materials have also been released. The new program, … Continue Reading


On February 29, 2016, the Department of Commerce and European Commission released the details of the new US-EU Privacy Shield program, intended to replace the now defunct US-EU Safe Harbor program. According to the materials released, the new program includes an expanded set of privacy principles, increased operational vetting to be conducted by the Commerce … Continue Reading


Written by Giangiacomo Olivi, Jim Halpert and Carol Umhoefer DLA Piper Shared Insights at Bloomberg Law’s 2016 Outlook on Privacy and Data Security in Washington DC On February 3rd, the day after the announcement of the US-EU Privacy Shield provisional agreement, DLA Piper’s Carol Umhoefer, Jim Halpert and Giangi Olivi discussed EU data protection developments … Continue Reading

WP29 Says to Continue Using MCs and BCRs to transfer EU Data to US

Following on from yesterday’s announcement regarding the political agreement of the EU-US Privacy Shield, to replace the Safe Harbor program, European data protection authorities met today to be briefed on this. Their view at present seems to be cautiously optimistic. The group, called the Article 29 Working Party, welcomed the political agreement but noted that … Continue Reading


EU Justice Commissioner Vera Jourová and her colleague Andius Ansip gave a press conference this afternoon (local time) announcing that the long-running negotiations between the EU and US to find a replacement to the invalidated Safe Harbor program have reached a successful conclusion. The US Department of Commerce gave a subsequent briefing about the agreement … Continue Reading

POLAND: Safe Harbor Decision – Polish Data Protection Authority (the GIODO) Issues Statement on Its Approach

Written By Justyna Wilczyńska-Baraniak and Damian Karwala, DLA Piper Wiater GIODO broadly confirms Article 29 Data Protection Working Party’s 16 October 2015 statement The Polish data protection authority (Inspector General for Personal Data Protection – “GIODO”) has released a statement regarding the Safe Harbor Decision of the European High Court of Justice (statement available in … Continue Reading

Safe Harbor: European Commission issues guidance to clarify the EU-US data transfer conundrum

On 6 November 2015, the European Commission issued guidance in the form of a Communication on the transfer of personal data from the EU to the US following the Schrems Judgment at the beginning of October (for information on the Judgment, see DLA Piper’s Privacy Matters blog post).… Continue Reading

EUROPE – UNITED STATES: 10 practical proposals for bridging the US-EU data privacy ocean

Nineteen renowned privacy experts from the US and the EU, amongst them DLA Piper’s Patrick Van Eecke, have developed ten practical proposals to increase the transatlantic level of protection of personal data. Most proposals can be implemented within existing different legal systems and are applicable worldwide. It concerns pragmatic bridges that benefit people, companies, governments … Continue Reading

BREAKING NEWS – SAFE HARBOR: G29 Issues its First Statement on Schrems

Calling on Member States and EU institutions to open discussions with US authorities in order to find political, legal and technical solutions to transfer data to the US, the G29 states that Model Clauses and BCRs can be used while G29 is analyzing transfer mechanisms; enforcement may begin in February 2016. On October 16, 2015, … Continue Reading

AUSTRIA: Update by the DPA regarding Model Clauses and BCR after the Safe Harbor judgement

Written by Stefan Panic Further to its initial public statement regarding the ECJ Safe Harbor judgement, the Austrian DPA has released an update, clarifying its position that, for the time being, the Austrian DPA will accept EU Model Clauses or Binding Corporate Rules as basis for transfers of personal data to the USA. Wheras the … Continue Reading

FRANCE: CNIL to Hold Emergency Meeting on Oct. 7 Following ECJ Safe Harbor Decision

Written by Jeanne Bossi Malafosse and Carol Umhoefer After the ECJ’s Oct. 6 decision invalidating the EU-US Safe Harbor, all the European data protection authorities are facing an unprecedented situation: What will be the legal basis for personal data transfers to the United States? How will transfers be authorized? The Article 29 Working Party, presided … Continue Reading


Written by Patrick van Eecke and Loretta Marshall Yesterday, in a ground-breaking Decision, the Court of Justice of the European Union (CJEU) declared the US Safe Harbor scheme to be invalid, as well as confirming that individuals have the right to challenge any similar schemes that may be established by the European Commission through their … Continue Reading

Ground-breaking European Court Decision – US Safe Harbor declared invalid

On October 6th, in a ground-breaking Decision, the Court of Justice of the European Union (CJEU) declared the US Safe Harbor scheme to be invalid, as well as confirming that individuals have the right to challenge any similar schemes that may be established by the European Commission through their national data protection authorities. The US … Continue Reading

Germany: Impact of Safe Harbor case on German data transfers?

By Jan Pohle In an earlier post, my colleagues reported on the Safe Harbor case currently being dealt with at the European Court of Justice. For the time being the Safe Harbor certification basically justified a data transfer from Germany to the United States. Nevertheless since 2013 the Safe Harbor Agreement became subject to decreasing … Continue Reading