US relations with the European Union took another hit last week, when the European Parliament voted to suspend Privacy Shield, the agreement between the US and the EU that allows companies to transfer the personal information of EU citizens out of the EU to US companies that have promised to adhere to the General Data Protection Regulation (“GDPR”). Between the Facebook-Cambridge Analytica scandal, the passage of the CLOUD Act and the Russian hack (sorry – alleged Russian hack) of the 2016 election, the EP felt that Privacy Shield did not provide an adequate level of protection for EU citizens. The US has until September 1 to become compliant.

Continue Reading

surgical-glovesiStock_000007268500_LargeIn the digital era, EU data protection law may apply to U.S.-based companies with significant consequences. The EU law generally prohibits the transfer of personal data from the EU to the U.S., unless the transfer is made in accordance with one of a very few of authorized data transfer mechanisms or otherwise falls within one of the its even fewer exceptions. This transfer restriction significantly impacts U.S. multinational companies’ everyday business activities, such as processing employees’ payroll data, as well as their ability to implement enterprise-wide initiatives, such as compiling internet marketing information.
Continue Reading