BlackRock Reports On Investment Stewardship Activities In Connection With Climate Change

CL
Cooley LLP

Contributor

Cooley LLP logo
Clients partner with Cooley on transformative deals, complex IP and regulatory matters, and high-stakes litigation, where innovation meets the law. Cooley has nearly 1,400 lawyers across 18 offices in the United States, Asia and Europe, and a total workforce of more than 3,000.
Although it may seem like the last millennium, it was only in January of this year that the CEO of BlackRock, Laurence Fink, in his annual letter to CEOs...
United States Privacy

The Court of Justice of the European Union (the "CJEU") has just issued a decision relating to transfers of personal data to the US.

By way of background, the General Data Protection Regulation ("GDPR") provides that personal data may only be transferred outside of the EU subject to certain conditions/criteria/safeguards. In this respect, to date, a number of entities would transfer personal data to a US entity in reliance of the fact that the US based recipient was a member of the Privacy Shield, given that the Privacy Shield was considered to be a mechanism that offered equivalent safeguards for personal data to those imposed by GDPR.

By means of this ruling, the CJEU has declared that the Privacy Shield can no longer be relied upon as a ground for transferring personal data since its protections are not deemed adequate. Transferring personal data to third countries without adequate protections or other legal grounds can carry hefty penalties under GDPR.

What should you do?

Step 1 – You should determine whether you are transferring personal data to an entity in US – e.g. because you have engaged a US entity to provide you with certain services, such as a data storage or hosting provider, or you form part of a group of companies that has entities located in the US. If you are not, then this decision might not be of immediate importance to you but should be borne in mind.

Step 2 – If you are / were transferring personal data to the US, you should check the processing grounds that you were relying on when transferring such personal data. If you relied on the Privacy Shield to do that then, since that ground no longer exists, you need to re-assess the situation and either stop transferring data or adopt other GDPR-safe procedures such as EU approved standard form contractual arrangements, then again this decision might not be of immediate importance to you but should be borne in mind.

Originally published July 1, 2020.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More