New year, new mechanism for US-EU data transfers?

Last October, President Joe Biden’s administration published an executive order regarding a new EU-U.S. Data Privacy Framework – the replacement of the so-called Privacy Shield mechanism that previously allowed transfers of personal data from the EU to the United States. The executive order immediately sparked the European Commission’s process to assess the new U.S. regime and prepare a respective adequacy decision, which would bring considerable…

Schrems II: what are the implications for data transfers from the GCC?

In Schrems II, the European Court of Justice rejected the Privacy Shield as a legitimate basis for personal data transfers: what are the potential consequences for data processing in the Gulf Cooperation Council countries? This article provides guidance. The European Court of Justice’s recent Schrems II decision (case C-311/18) has attracted a lot of attention in data protection circles. One of the key outcomes of…

European Court of Justice - A ‘Like’ button on your website? Then you are a joint data controller with Facebook!

Website operators who feature a ‘Like’ button have been ruled to be joint controllers for data protection purposes in a recent European Court of Justice judgement. In a judgment of 29 July 2019 (Fashion ID GmbH & Co, C-40/17) the European Court of Justice ruled that operators of a website that features a ‘Like’ button are controllers jointly with Facebook. This means they must make an arrangement with…

International Data Transfers – what should employers do now?

This week (Tuesday,  February 7, 2017), the hearings have started in the “Schrems II” litigation before the Irish High Court. The result of this litigation might be that the High Court refers proceedings to the European Court of Justice (EU CoJ) with the request to declare the “Standard Contract Clauses” (SCC) to be invalid. This is just another development around international transfers, following the EU…