- Acumen Powered by Robins Kaplan LLP®
- Affirmative Recovery
- American Indian Law and Policy
- Antitrust and Trade Regulation
- Appellate Advocacy and Guidance
- Business Litigation
- Civil Rights and Police Misconduct
- Class Action Litigation
- Commercial/Project Finance and Real Estate
- Corporate Governance and Special Situations
- Corporate Restructuring and Bankruptcy
- Domestic and International Arbitration
- Entertainment and Media Litigation
- Health Care Litigation
- Insurance and Catastrophic Loss
- Intellectual Property and Technology Litigation
- Mass Tort Attorneys
- Medical Malpractice Attorneys
- Personal Injury Attorneys
- Telecommunications Litigation and Arbitration
- Wealth Planning, Administration, and Fiduciary Disputes
Acumen Powered by Robins Kaplan LLP®
Ediscovery, Applied Science and Economics, and Litigation Support Solutions
-
April 15, 2024Robins Kaplan Named to 2024 BTI Client Service A-Team
-
April 9, 2024Robins Kaplan LLP Files Complaint Against Social Media Giants Meta, Snap, TikTok on Behalf of Spirit Lake Nation, Menominee Indian Tribe of Wisconsin
-
April 8, 2024Tara Sutton, Emily Tremblay Shortlisted for Euromoney’s Women in Business Law Awards
-
April 24, 2024IP Leadership Executive Summit
-
April 24, 2024IP Odyssey: Navigating the Latest Developments in Intellectual Property Law
-
April 30, 2024Navigating Generational Dynamics
-
March 2024e-Commerce: Pitfalls and Protections
-
March 22, 2024‘In re Cellect’:
-
March 14, 2024How Many Cases Have You Tried to a Verdict?
-
September 16, 2022Uber Company Systems Compromised by Widespread Cyber Hack
-
September 15, 2022US Averts Rail Workers Strike With Last-Minute Tentative Deal
-
September 14, 2022Hotter-Than-Expected August Inflation Prompts Massive Wall Street Selloff
Find additional firm contact information for press inquiries.
Find resources to help navigate legal and business complexities.
Why Businesses are Busy Now Updating Compliance Around Transfers of European Data to Comply with a September 27 Deadline—And Why Yours Should be Too.
September 24, 2021
Personal data transfers from the European Economic Area (“EEA”) to most other countries, including the United States, require companies to take prompt compliance action. The General Data Protection Regulation (“GDPR”) requires that transfers of EEA personal data outside of the EEA to have adequate levels of protection in the destination country where the data is received. For transfers to the United States, businesses primarily relied on Privacy Shield and European Commission approved Standard Contractual Clauses to document meeting this requirement. On July 16, 2020, the EU Court of Justice (ECJ) invalidated Privacy Shield based on the potential interference with data subject rights caused by US government surveillance in a case that has come to be known as Schrems II. Schrems II went beyond invalidating the Privacy Shield and cast a cloud over Standard Contractual Clauses as well, suggesting that assessments of some sort would need to be made to ensure that the Standard Contractual Clauses were meeting these requirements.
The European Commission and European Data Protection Board in June of 2021 provided clarity about what these steps must include. Importantly, the European Commission released new Standard Contractual Clauses addressing some of these issues that it is requiring all business to use instead of the prior Standard Contractual Clauses. The new Standard Contractual Clauses must be implemented imminently by businesses in relevant contracts starting September 27, 2021. All existing contracts relying on the prior Standard Contractual Clauses must be converted to the new Standard Contractual Clauses by December 27, 2022.
Note that updating contracts is just one piece of solving the Schrems II compliance puzzle. Both the updated terms of the new Standard Contractual Clauses and recommendations issued by the European Data Protection Board make clear that compliance obligations on this front will not be met by merely signing contracts. An affirmative obligation exists on businesses to conduct a complex assessment of what laws and practices such as government surveillance laws might impinge upon European personal data once it is transferred outside of the EEA. If this assessment reveals a gap in protection under the laws of the recipient country, companies must develop and implement technical, organizational and/or contractual measure in such a manner as to resolve this concern or cease the data transfer.
Our attorneys can assist your business in navigating this complex compliance web. Please reach out to Privacy Partner Brandy Worden, CIPP/US, CIPP/EU at BWorden@RobinsKaplan.com if you would like assistance.
If you are interested in having us represent you, you should call us so we can determine whether the matter is one for which we are willing or able to accept professional responsibility. We will not make this determination by e-mail communication. The telephone numbers and addresses for our offices are listed on this page. We reserve the right to decline any representation. We may be required to decline representation if it would create a conflict of interest with our other clients.
By accepting these terms, you are confirming that you have read and understood this important notice.