On October 3, 2017, the Irish High Court referred Data Protection Commissioner v. Facebook Ireland Limited & Maximilian Schrems to the Court of Justice of the European Union (CJEU), where the future of standard contractual clauses (SCCs) will be decided (here).
In December 2015—following the CJEU’s landmark decision in Maximillian Schrems v. Data Protection Commissioner invalidating the U.S.-EU Safe Harbor framework—Schrems amended his original complaint to the Irish Data Protection Commissioner (DPC), challenging the validity of data transfers to the U.S. based on the European Commission approved SCCs (available here). Based on the CJEU’s Schrems decision, the Irish DPC petitioned the Irish High Court asking to refer the matter to the CJEU for ruling on the question of whether the European Commission’s SCC decisions are valid under European law. Specifically, the Data Protection Commissioner questioned whether there is an effective remedy under U.S. law compatible with the requirements of Article 47 of the EU Charter of Fundamental Rights for an EU citizen whose data is transferred to the U.S., where such data is subject to electronic surveillance by U.S. agencies for national security purposes. EU citizens have a right guaranteed by Article 47 of the Charter to an effective remedy before an independent tribunal if their rights or freedoms are violated. These include the rights under Articles 7 and 8 to respect for private and family life and protection of personal data.
Continue reading “Irish High Court Refers Future of EU Model Clauses to CJEU”
Providing data subjects with meaningful information regarding the processing of their personal data and their rights with respect to such processing is an axiom of privacy law—and a key requirement under the General Data Protection Regulation (GDPR).
The significance of this principle of transparency was recently highlighted by the European Court of Human Rights (ECHR) in Bărbulescu v. Romania where the court affirmed an employee’s right to privacy when using communications tools in the workplace due, in part, to the employer’s failure to provide adequate notice regarding its internet monitoring activities. This post briefly discusses the principle of transparency under GDPR and its application to the Bărbulescu case.
Continue reading “GDPR and ECHR Make One Thing Abundantly Transparent: The Significance of Transparency”
The new General Data Protection Regulation (GDPR) is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive.
In our ongoing series of GDPR-focused webinars, we guide attendees through the (GDPR) provisions, which will take effect on May 25, 2018 for all companies conducting business with EU citizens.
With the deadline for compliance quickly approaching, these sessions provide practical, detailed advice on preparations, as well as developments related to GDPR compliance preparations. We have included links to each of these sessions and a summary of what was covered below.
Continue reading “Webinar Series: Preparing for the General Data Protection Regulation (GDPR)”
The use of “big data” throughout all levels of the economy has led authorities in both Europe and the United States to begin examining how such data may be used as a commodity and, therefore, how it might regulated.
However, authorities on either side of the Atlantic seem to be offering different approaches on the matter; those in Europe are suggesting that big data should be subject to EU abuse of dominance law, whereas U.S. authorities are resisting the notion of big data as an “essential facility” and are suggesting it be considered as an asset within existing merger review processes.
Continue reading “The Era of “Big Data” and EU/U.S. Divergence for Refusals to Deal”