ECJ Strikes Down US-EU Safe Harbor for transfer of personal data

Not So Safe: The ECJ Strikes Down U.S.-EU Safe Harbor

The Safe Harbor Framework governing transfer of personal information from the European Union to the United States is no more. On October 6, 2015, the European Court of Justice (ECJ) struck down the vaunted bilateral data protection and transfer agreement, impacting over 4,700 companies that relied on the Safe Harbor for transporting and storing European data overseas. The decision, which took effect immediately and left no grace period for international organizations to make alternative arrangements, vigorously reinforces European legal protections for data privacy while leaving a broad swath of data-related commercial activity on tenuous legal ground.

Read more

federal trade commission data privacy

Demystifying Privacy Law: FTC Data Privacy Enforcement

Unlike many countries in the world, the United States does not have one regulatory agency with authority to monitor and enforce data privacy violations. The U.S. uses a sectoral model of data privacy protection, using a variety of enforcement mechanisms. One of those enforcement mechanisms–and perhaps the predominant one–is the Federal Trade Commission, or the FTC, which acts as a watchdog to protect against data privacy violations. It can bring lawsuits for “unfair practices” or “deceptive practices” for many violations, including breaches of a data controller’s privacy policy. What is the source of FTC data privacy enforcement, and how does it go about enforcing data privacy? This article provides an overview of FTC’s power, contemporary issues of FTC enforcement, and potential hotspots for data privacy-related government litigation.  Read more

drafting privacy policy

Demystifying Privacy Law: Drafting a Privacy Policy

If your business collects personally identifiable information (or PII) about your customers, you will need a privacy policy to let them know how you plan to collect, use, share and secure information about them. In an increasingly digitalized world, privacy policies command nearly the same level of respect as mission statements. Privacy policies set out an organization’s first principles of consumer protection and provide a roadmap of how sensitive issues such as PII are handled. This article describes some of the factors that go into a well-drafted privacy policy–and the factors that we advise our clients to think through.  Read more

personally identifiable information

Demystifying Privacy Law: Personally Identifiable Information (PII)

Nearly every organization collects personally identifiable information, or PII. Because of the sensitive nature of many different types of PII, its collection can pose an array of unique challenges, especially for younger or smaller organizations without a dedicated privacy department. The unwarranted release of such information can ravage people’s lives and forever destroy any modicum of trust an organization may enjoy with its customers and with the general public. One of the most fundamental privacy questions an organization may face is: what does “personally identifiable information” mean? Given the differing responsibilities that an organization has with respect to PII versus non-PII, the answer to this question is critical. This article is designed to help you flesh out the concept of personally identifiable information and begin to think about the ways your company should handle PII-related issues. Read more

us eu safe harbor

Demystifing Privacy Law: Making Sense of the U.S-EU Safe Harbor

UPDATE: Since this article was drafted, the US-EU Safe Harbor program has been shut down. There is now a new regime in place named Privacy Shield. Please see this article for more information.

Any company looking to transfer data about users from the European Union region to the United States will likely need to familiarize itself with the U.S.-EU Safe Harbor Framework. This article covers three topics: what is the U.S.-EU Safe Harbor, what are its advantages and disadvantages, and how to comply with the Safe Harbor. Read more