This month we’re celebrating Privacy Shield’s first birthday (admittedly, a bit belated) with an update on everything Privacy Shield. There have been a number of developments on the Privacy Shield-front that companies certified or seeking self-certification under Privacy Shield need to know. If you are looking for a quick primer on Privacy Shield, please check out our previous post here. Once you’re ready, read on: Continue Reading Privacy Shield: Year One Updates You Need To Know
For the moment it depends who you ask. In recent weeks, we have heard talk of walls and borders. But some at the Department of Justice are working to break down barriers and convince the courts that they can gain access to a person’s data regardless of where it is ultimately stored. In this post I address two recent cases that reached completely different results on whether the government can enforce a warrant that seeks data from a U.S. company but that is stored in a foreign country. Continue Reading Blurred Lines: Can the Government Seize U.S. Data Housed in a Foreign Country?
2016 brought important news for any company that transfers across borders, or receives cross-border transfers of, consumer or employee personally identifying data (very broadly defined). On July 12th, the European Commission adopted the so-called “Privacy Shield” mechanism for data transfer between the European Economic Area and the US. US companies that choose to do so were able to self-certify for the Shield beginning August 1, 2016. But while approval of the Shield is welcome news to many companies that relied on the previously invalidated Safe Harbor Framework, not everyone will want to take advantage of it. Alternative data transfer mechanisms still exist. And for some companies the Privacy Shield may ultimately lead to more, not less, risk. Here’s a summary of what you need to consider.