US – EU Safe Harbor for Cross-Border Data Transfers: Recent Developments of a Program Under Attack
Cyberspace Law Committee
Business Law Section
State Bar of California
Mark B. Aldrich
©2015 Aldrich Law Group All Rights Reserved
US – EU Safe Harbor
The Basics
Recent Developments
Enforcement Actions
US – EU Safe Harbor
The Basics
US – EU Safe Harbor Basics
• EU Data Protection Directive 94/46/EC
- Established in 1998
- Prohibits Transfer of Personal Information Without Meeting EU “Adequacy” Standard
• US Dept. of Commerce and EU Commission Developed Safe Harbor
- Approved by EU in 2000
US – EU Safe Harbor Basics
• US Companies may self-certify
- Annual Certification to Department of Commerce
- Public Notice of Compliance in its Privacy Policy
US – EU Safe Harbor Basics
• Safe Harbor Privacy Principles
- Notice
- Choice
- Third Party Transfers
- Access
- Security
- Data Integrity
- Enforcement
US – EU Safe Harbor Basics
• Enforcement
- Procedures for Verifying Safe Harbor Principles Implemented
- Obligations to Remedy Problems Arising from Failure to Comply
- Sanctions Must be Sufficiently Rigorous to Ensure Compliance
- Readily Available and Affordable Method
US – EU Safe Harbor
Recent Developments
US – EU Safe Harbor: Recent Developments
• April 29, 2010 GDPA Decision
- Active Verification of Compliance is Recommended
• July 19, 2013 EU Commission V.P.
- “Safe Harbor may not be so safe after all.”
- “Could be a loophole for data transfers because it allows data transfers . . . although U.S. data protection standards are lower than our European ones.”
US – EU Safe Harbor: Recent Developments
• July 24, 2013
- GDPA Reacts to Discovery of U.S. Surveillance Programs
• November 27, 2013
- EC Calls on U.S. Authorities to Implement 13 Recommendations and Identify Remedies by Summer 2014
US – EU Safe Harbor: Recent Developments
• March 12, 2014
- EU Parliament Calls for “Immediate Suspension” of the Safe Harbor Because the Principles “do not provide adequate protection for EU citizens”
• April 10, 2014
- Article 29 Working Party Confirms EC’s 13 Recommendations
US – EU Safe Harbor: Recent Developments
• August 8, 2014
- Center for Digital Democracy (US) Files Complaint With FTC Against 30 Companies for Safe Harbor Violations
• October 9, 2014
- GDPA Publishes Guide for Cloud Computing Highlighting Full Liability of Cloud Provider for Damages to the Data Subject
- Advised Implementation of EU Model Clauses or Binding Corporate Rules
US – EU Safe Harbor: Recent Developments
• November 17, 2014
- TRUSTe Verification Service Settles Claim of Deception by FTC Alleging it Failed to Conduct Annual Re-certifications
• January 27, 2015
- GDPA Demands Short Term Resolution of EU Concerns. States That a Failure of Negotiations Between EC and DOC May Result in the Suspension of All Data Transfers to US by Member DPAs
US – EU Safe Harbor: Recent Developments
• January 28, 2015
- GDPA (Berlin and Bremen) Announce Initiation of Administrative Proceedings Against Two U.S. Companies Which Self-Certified as Compliant With Safe Harbor
• March 24, 2015
- European Court of Justice Set to Hear Schrems Appeal, Transferred From Ireland High Court, for Determination of Validity of Safe Harbor Framework Given Developments Since Enactment In 2000 and Snowden Revelations
US – EU Safe Harbor
Enforcement Actions
US – EU Safe Harbor: Enforcement Actions
• Schrems v. Data Protection Comm’r.
- Maximilian Schrems Files Administrative Complaint With the Ireland DPC and Requests Investigation of Facebook Data Protection Policy in Light of Snowden Revelations
- DPC Refuses to Investigate Finding Preemption of National Law by Safe Harbor; No Evidence of Actual Harm to Schrems
- Due to Preemption, Complaint Unsustainable in Law
US – EU Safe Harbor: Enforcement Actions
• Schrems v. Data Protection Comm’r.
- Schrems Sues DPC for Failing to Investigate
- Ireland High Court findings:
  • Preemption Confirmed
  • Actual Harm Not Required – Right to Privacy Inviolate
  • Given Developments Since 2000, It Was Unclear How the Safe Harbor Could Possibly Comply With Laws Enacted Since 2000
US – EU Safe Harbor: Enforcement Actions
• Schrems v. Data Protection Comm’r.
- Case Referred to European Court of Justice (ECJ) to Answer the Following Questions:
  • Are DPCs Absolutely Bound by Community Finding;
  • May a DPC Conduct Investigation of the Matter in Light of Factual Developments Since Safe Harbor Enacted
US – EU Safe Harbor: Enforcement Actions
• German DPCs’ Admin. Actions
- German Data Protection Commissioners in Berlin and Bremen Commenced Administrative Actions Against Two U.S. Companies Which Self-Certify Safe Harbor Compliance
  • Safe Harbor Insufficient Protection for German Data
  • Threaten to Block All Data Transfers Out of Germany
US – EU Safe Harbor for Cross-Border Data Transfers:
Recent Developments of a Program Under Attack
Mark B. Aldrich
maldrich@algapc.com

