How The EU Data Privacy Regulation Will Affect American Companies’ Data Collection and Processing Practices – and Their Revenue

For American companies who do business in Europe or who process the personal data of EU residents, the world of data privacy and security is about to get much more complicated. While U.S. privacy law is unsettled, with rapidly proliferating state and federal laws and regulations and uncertainty as to how strictly they will be enforced, the rules in the European Union are tough and about to get much tougher. The General Data Protection Regulation (EU) 2016/679 (GDPR), slated to take effect in May 2018, will give consumers in the EU substantially more control over how their personal data is used. The increased control includes the right to:

  1. access any personal data that has been collected,
  2. obtain confirmation about whether an individual’s data is being processed, and
  3. require that the data be “erased” if the consumer withdraws consent.

Continue Reading The GDPR and The Bottom Line

On February 29, 2016, the European Commission and United States released the terms of the much-anticipated renewed framework for the transfer, sharing, and processing of European individuals’ data to the United States. The framework replaces the “Safe Harbour” mechanism, which enabled U.S. to transfer data from the EU to the United States by self-certifying that their practices ensured an adequate level of protection for personal data under the EU Data Protection Directive. In October, the “Safe Harbour” framework was declared invalid by the European Court of Justice in the Schrems decision covered earlier in this blog.
Continue Reading EU-US Privacy Shield: Brace Yourself . . . or Maybe Not

Privacy activists across Europe raised their data protection banner following the announcement by EU Commissioner for Justice, Consumers and Gender Equality Věra Jourová on Tuesday 2 February 2016 that a political agreement had been reached between the EU and the US on a new framework for handling transatlantic data flows. This does not bode well, especially because the exact content of the new agreement which will replace the “Safe Harbour” mechanism is still unknown. We will expand on the indications provided by the Commissioner on some of the negotiated protection mechanisms. More importantly, we will highlight the risks that over 4.000 companies, mainly US tech companies, still face and the measures they should put in place to ensure compliance with EU data protection rules.
Continue Reading EU-US Privacy Shield: Still Awaiting Certainty

Like a needle to a balloon, the Schrems decision has drastically altered the data privacy landscape. Who is affected? Everyone – consumers, corporations, employees. But who needs to take action? Any company with offices in the European Union and the United States, any European company that outsources work to the United States (do you know where your cloud is?), and any company that sends information from the EU to the United States.
Continue Reading The Schrems Decision: How the End of Safe Harbor Affects Your FCPA Compliance Plan