As 2021 comes to a close, so does our 12 Days of Data series, but we will see you on the other side in 2022 with more posts on the top privacy and data protection issues. 2021 was an interesting year. While vaccinations spread and some sense of normalcy started to return, new strains of COVID-19 led to additional waves of shutdowns that stalled many of the debates. In 2022, we anticipate that the move toward a new normal will continue, and we will once again start to see traction on some of these data, privacy, and cybersecurity issues. As a preview, here are some of the key areas where we expect to see potential developments in 2022.

Continue Reading Closing out the 12 Days of Data: What to Expect in 2022

The Courts of Justice of the European Union (CJEU) held in its July 2020 Schrems II decision that, in order for entities in other countries to import personal data from the European Economic Area (EEA), the importer must be able to provide data protections ‘essentially equivalent’ to those the EEA offers under its General Data Protection Regulation. The CJEU expressed particular concern that United States’ national security intelligence gathering laws prevent U.S.-based entities from providing such protections. This decision has sharply limited the sharing of clinical research data from the EEA to the United States. After describing the pertinent aspects of the Schrems II decision, this article evaluates U.S. national security intelligence gathering frameworks, including Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333. The article then leverages recent draft guidance from the European Data Protection Board to explain how entities may be able to adopt widely used contractual and technical measures, such as data pseudonymization, to provide ‘essentially equivalent’ protections in the clinical research context.

Continue Reading Demystifying Schrems II for the Cross-Border Transfer of Clinical Research Data

Cyber SecurityAs we stand at the beginning of 2021 and a new presidential administration, we look back on the year behind us. Hindsight is always 2020, and 2020 may be best viewed in hindsight.  We saw rapid changes in the privacy space, prompted in part by the global COVID-19 response. Infrastructure and services across multiple sectors continue to rely on data and digital platforms to function. Five prominent developments shaped the data privacy environment in 2020.

Continue Reading Privacy Year in Review: 2020’s Hottest Topics

The Court of Justice of the European Union (CJEU) dealt a blow to transatlantic data flows in July with its decision in Schrems II, invalidating the EU-U.S. Privacy Shield while conditionally approving the continued use of Standard Contractual Clauses (SCC). In a white paper published late last month, the U.S. government responded to the CJEU’s critical appraisal of American intelligence agencies’ data-collection practices by identifying Schrems II’s shortcomings and offering guidance to companies seeking to comply with it. Schrems II is problematic in various ways, the multi-agency paper concludes, but with minor adjustments, most EU-U.S. digital dealings should be able to continue as before.
Continue Reading What the CJEU Missed in Schrems II: American Agencies Respond

Cyber SecurityThe European Court of Justice this morning issued a significant – and fairly surprising – ruling on international data transfers in the Schrems II case. Standard contractual clauses remain valid, but the Privacy Shield is invalid and cannot be relied on to legitimise transfers of personal data from the EEA to the US.
Continue Reading Privacy Shield Invalid but SCCs Survive… What next for international personal data transfers?

The Opinion of Advocate-General (AG) Henrik Saugmandsgaardøe in the “Schrems II” case (C-311-18) was delivered on 19 December and will likely leave organisations, which currently rely on EC Commission-approved standard contractual clauses to ensure adequate protection for personal data that they transfer internationally heaving a collective sigh of relief, at least for the moment.

Continue Reading Schrems II and Standard Contractual Clauses – the Advocate-General’s Opinion