The Privacy Shield is now live, having gone into effect on
August 1. Perhaps emboldened by the Article 29 Working Party's
late July announcement that European regulators will not
challenge the program's adequacy for at least a year (after the
first annual review of the program in May 2017), companies have
begun self-certifying in order to legalize their transfers of
personal data from the EU to the US. However, as we reported
previously, the Privacy Shield nevertheless faces a somewhat
precarious future, as it is likely that it will face multiple legal
This uncertainty was underscored just after the Privacy Shield
went live, when Hamburg, Germany's data protection authority
(DPA) announced its intention to challenge the Privacy Shield's legality
before the Court of Justice of the European Union (CJEU) –
the same court that
struck down the Safe Harbor program last October. There are a
few obstacles standing in the way of the Hamburg DPA's proposed
challenge, however. First, pursuant to the Article 29 Working Party
announcement mentioned above, the Hamburg DPA would not challenge
the Privacy Shield until after the program's first annual
review, meaning that the soonest the DPA could bring its challenge
would be in mid-2017. Second, and perhaps more significantly, the
DPA needs to wait for German law to be amended to allow a DPA to
challenge European Commission adequacy decisions – such as
the decision regarding the adequacy of the Privacy Shield – in
court. Currently, German law does not explicitly give German DPAs
the right to bring such a suit. However, the Hamburg DPA has taken
the position that in order to bring the country's laws into
line with the requirements of the General Data Protection
Regulation (see our posts
here), German law should be amended to give DPAs the right to
bring those challenges in court.
It likely will be at least several months before the law is
amended, which means that it may be awhile before the Hamburg DPA
can follow through on its threat. Regardless, the Hamburg DPA's
announcement shows that companies need to approach the Privacy
Shield with caution, as it remains at risk of facing legal assaults
from all sides – individuals, privacy activists, and DPAs
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).