- Acumen Powered by Robins Kaplan LLP®
- American Indian Law and Policy
- Antitrust and Trade Regulation
- Appellate Advocacy and Guidance
- Business Litigation
- Civil Rights and Police Misconduct
- Class Action Litigation
- Commercial/Project Finance and Real Estate
- Corporate Governance and Special Situations
- Corporate Restructuring and Bankruptcy
- Domestic and International Arbitration
- Entertainment and Media Litigation
- Health Care Litigation
- Insurance and Catastrophic Loss
- Intellectual Property and Technology Litigation
- Mass Tort Attorneys
- Medical Malpractice Attorneys
- Personal Injury Attorneys
- Telecommunications Litigation and Arbitration
- Wealth Planning, Administration, and Fiduciary Disputes
Acumen Powered by Robins Kaplan LLP®
Ediscovery, Applied Science and Economics, and Litigation Support Solutions
-
July 22, 2024Seven Robins Kaplan Attorneys Named to Minnesota Lawyer’s Power 30: Personal Injury List
-
July 18, 2024Emily Niles Named to Law360’s Top Attorneys Under 40
-
July 16, 2024David Martinez Named To 2024 Leaders of Influence: Litigators & Trial Attorneys by Los Angeles Business Journal
-
August 6, 2024Identifying Opportunities: Affirmative Recovery Strategies
-
August 15, 2024Annual Robins Kaplan MAJ Welcome Reception
-
October 20, 2024License Agreement Disputes:
-
July 24, 2024Navigating Copyright Act Section 117 in Software Licensing and Litigation
-
Second QuarterGENERICally Speaking: A Hatch-Waxman Litigation Bulletin
-
July 15, 2024Making The Whole Truth Public
-
September 16, 2022Uber Company Systems Compromised by Widespread Cyber Hack
-
September 15, 2022US Averts Rail Workers Strike With Last-Minute Tentative Deal
-
September 14, 2022Hotter-Than-Expected August Inflation Prompts Massive Wall Street Selloff
Find additional firm contact information for press inquiries.
Find resources to help navigate legal and business complexities.
Why Businesses are Busy Now Updating Compliance Around Transfers of European Data to Comply with a September 27 Deadline—And Why Yours Should be Too.
September 24, 2021
Personal data transfers from the European Economic Area (“EEA”) to most other countries, including the United States, require companies to take prompt compliance action. The General Data Protection Regulation (“GDPR”) requires that transfers of EEA personal data outside of the EEA to have adequate levels of protection in the destination country where the data is received. For transfers to the United States, businesses primarily relied on Privacy Shield and European Commission approved Standard Contractual Clauses to document meeting this requirement. On July 16, 2020, the EU Court of Justice (ECJ) invalidated Privacy Shield based on the potential interference with data subject rights caused by US government surveillance in a case that has come to be known as Schrems II. Schrems II went beyond invalidating the Privacy Shield and cast a cloud over Standard Contractual Clauses as well, suggesting that assessments of some sort would need to be made to ensure that the Standard Contractual Clauses were meeting these requirements.
The European Commission and European Data Protection Board in June of 2021 provided clarity about what these steps must include. Importantly, the European Commission released new Standard Contractual Clauses addressing some of these issues that it is requiring all business to use instead of the prior Standard Contractual Clauses. The new Standard Contractual Clauses must be implemented imminently by businesses in relevant contracts starting September 27, 2021. All existing contracts relying on the prior Standard Contractual Clauses must be converted to the new Standard Contractual Clauses by December 27, 2022.
Note that updating contracts is just one piece of solving the Schrems II compliance puzzle. Both the updated terms of the new Standard Contractual Clauses and recommendations issued by the European Data Protection Board make clear that compliance obligations on this front will not be met by merely signing contracts. An affirmative obligation exists on businesses to conduct a complex assessment of what laws and practices such as government surveillance laws might impinge upon European personal data once it is transferred outside of the EEA. If this assessment reveals a gap in protection under the laws of the recipient country, companies must develop and implement technical, organizational and/or contractual measure in such a manner as to resolve this concern or cease the data transfer.
Our attorneys can assist your business in navigating this complex compliance web. Please reach out to Privacy Partner Brandy Worden, CIPP/US, CIPP/EU at BWorden@RobinsKaplan.com if you would like assistance.
If you are interested in having us represent you, you should call us so we can determine whether the matter is one for which we are willing or able to accept professional responsibility. We will not make this determination by e-mail communication. The telephone numbers and addresses for our offices are listed on this page. We reserve the right to decline any representation. We may be required to decline representation if it would create a conflict of interest with our other clients.
By accepting these terms, you are confirming that you have read and understood this important notice.