Recently, the European Union Court of Justice invalidated a Safe Harbor Framework (established in 2000), which thousands of companies relied upon to facilitate the transfer, processing and storage of data from the EU to the U.S. The Court also empowered EU national authorities to investigate individual complaints regarding the transfer and storage of personal data outside the EU.
Some companies may have protective language in their contracts and others may have separately negotiated agreements (often known as Binding Corporate Rules), which offer some safeguards. EU and U.S. authorities also are trying to negotiate a new agreement with safe harbor protections in light of this ruling, but those negotiations are going to take time.
Any company that processes and stores data from the EU, including customer and employee personal data, should be reviewing its contracts and procedures and monitoring these developments.
- Cybersecurity and Privacy Law
- Cybersecurity Regulation
- Cyber Insurance
- Data Breach
- Privacy Laws
- California Consumer Privacy Act
- General Data Protection Regulation
- Class Action Litigation
- Mergers & Acquisitions
- Incident Response Plan
- Information Governance
- Corporate Law
- Federal Trade Commission
- Seventh Circuit
- Department of Justice
- 2023: The Year of the CPRA and CDPA - Virginia Joins California in Passing Comprehensive Privacy Legislation
- Cybersecurity Remains a Top Concern
- Data Security in the Remote-Work Environment – 10 Reminders Regarding Data Security and Cyber Attacks
- Stay Safe While “Zooming”
- Revisions to Proposed CCPA Regulations Released
- Happy New Year from the CCPA
- Can’t We All Get Along in the Cyber Sandbox?
- California's New Privacy Law is Coming - Are You Ready?
- Gearing up for National Cybersecurity Awareness Month: KMK Hosts Third Annual Cybersecurity & Privacy Seminar
- Ohio Data Protection Act - Safe Harbor for Businesses in Ohio