DATA PROTECTION

Senate passes bill that would encourage companies to share with Gov’t cyber threats indicators but could compromise privacy

Date 11/13/2015.

On October 27, 2015, the Senate passed the Cybersecurity Information Sharing Act (S. 754), “CISA”. The bill addresses internet data breaches and cybersecurity. It does not “contain any provisions that would directly improve computer or network security. Instead it would encourage private entities to share information with the federal government about possible threats to industrial […]

Apple’s customers protected from mass surveillance?

Date 11/10/2015.

On October 19, 2015, Apple reiterated that it is technically impossible for them to respond to government’s request for customers data. The US Eastern District Court of New York asked Apple whether the assistance the government seeks from Apple to investigate consumers’ electronic devices is technically feasible and, if so, whether compliance with the proposed order would […]

Dutch Gov’t’s surveillance of law firms is illegal (court of appeal affirms)

Date 11/04/2015.

On October 27, 2015, the Court of Appeal of The Hague (Gerechtshof Den Haag) affirmed the District Court’s decision that found the Dutch government’s surveillance of Dutch law firms illegal. See here. The Court of Appeal dismissed all grounds of appeal raised by the Dutch Government and held that the communication between a lawyer and his or her […]

Safe Harbour 2.0 within reach?

Date 11/03/2015.

On October 29, 2015, Reuters reported that according to U.S. Secretary of Commerce Penny Pritzker, “Safe Harbor 2.0” is very near to be a reality. On the European side, on October 26, 2015, Vera Jourova, the EU Commissioner for Justice, Consumers and Gender Equality, reiterated that “it is crucial to conclude the discussions with our […]

German DPAs announce they wouldn’t authorize data transfers to US based on binding corporate rules or data transfer agreements

Date 11/03/2015.

After the recent decision by the ECJ which gave back to the EU data protection authorities the right to examine whether data transfers violate EU privacy rules despite compliance with Safe Harbor, which was in fact abolished, the  WP29 offered some practical suggestions to businesses reminding that “Standard Contractual Clauses and Binding Corporate Rules can still be used” for […]

Schrems’ Austrian data protection action against Facebook found to have favorable grounds on appeal

Date 10/27/2015.

On October 10, 2015, the Vienna Court of Appeal (Oberlandesgericht Wien) issued a written decision in the Austrian Data Protection action against Facebook. The Court of Appeal overturned the Vienna Regional Court’s decision of July 2015 that had rejected plaintiff Maximilian Schrems’ complaint for lack of jurisdiction. See here. On July 14, 2015, the plaintiff had appealed […]

Post Schrems-decision issued by Portuguese DPA

Date 10/25/2015.

On October 23, 2015, the Portuguese Data Protection Authority (Comissão Nacional de Protecção de Dados – CNPD) issued its post-Schrems decision. Implementing the Schrems decision, and referring also to the WP29’s recent statement, the CNPD prohibited data transfers to the US under Safe Harbor. The Authority stated that it will issue provisional authorizations under systems […]

WP29 issues post-Schrems statement urging political solution for transfer of data EU-US within end of 2015 and giving some practical suggestions in the interim

Date 10/21/2015.

After the EU Court of Justice (ECJ) held that the Safe Harbour decision is invalid (see here ), all transfers of personal data that are still taking place under the decision are unlawful. So the Article 29 Working Party (WP29) in its September 16, 2015 statement after the ECJ’s Schrems decision. The Woking group also opines that […]