The Internet of Things (IoT) segment has grown, and with it have come many examples of vulnerable products, from babycams whose feeds could be viewed by strangers online to hackable implantable cardiac devices. There are also infamous examples of botnets (i.e., clusters of hacked devices) featuring millions of IoT devices with one common trait: weak
After the EU-U.S. Privacy Shield was rendered invalid by the Court of Justice of the European Union (CJEU) in July 2020, and following a prior challenge to the U.S.-EU Safe Harbor, many businesses operating on both sides of the pond scrambled to find other ways to protect data flows between the EU and U.S. that
On June 4, 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) governing exchanges of personal data between data controllers and data processors and transfers of personal data from the EU to the U.S. or other countries that are not deemed to ensure adequate protection for personal data. The revised SCCs
The European Commission (EC) approved the EU–U.S. Privacy Shield on Tuesday, July 12, after European Union member states, through the Article 31 committee, approved the pact the previous week (more on the draft adequacy decision back in March here and the earlier agreement laying out the Privacy Shield here). The decision will allow U.S.
The new General Data Protection Regulation (GDPR) (Regulation 2016/69, Apr. 27, 2016), approved by the European Parliament and the Council of the European Union, was formally published in the Official Journal of the European Union on May 4, 2016, and will replace the Data Protection Directive (Directive 95/46/EC) effective May 28, 2018. This
President Barack Obama signed the Judicial Redress Act on Wednesday, February 24, 2016, which will eventually enable European Union citizens to seek remedies for alleged privacy violations by the federal government in U.S. courts. The Act gives the U.S. Department of
On December 15, 2015, the European Commission announced that an agreement has been reached with the European Parliament and the Council (the “trilogue” meetings) regarding the Commission’s sweeping 2012 EU Data Protection Reform proposal. The reform package, which consists of a General Data Protection Regulation and a Data Protection Directive for Police and Criminal
We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015
The Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for
A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the
