Author: Shanzay Pervaiz

This was a busy week for those following developments in privacy and cross-border data flows! The European Commission released its highly anticipated draft adequacy decision on the EU-US Data Privacy Framework. The European Commission stated, “that the United States ensures an adequate level of protection for personal data transferred from the EU to US companies.” … Continue reading A Busy—and Momentous—News Week at the Intersection of Privacy, National Security, and Data Flows

By: Alex Joel, Senior Project Director and Shanzay Pervaiz, Senior Researcher Submitting and Investigating Complaints under Executive Order 14086 As we laid out in What’s Next for the New Executive Order and the DPRC?, Executive Order 14086 assigns various tasks that must be completed within specified deadlines. One of those is for the Office of … Continue reading Overview of Implementation Procedures for EO 14086

Now that the Executive Order (EO) and DOJ regulations on the EU-US Data Privacy Framework have been released, what do those instruments require the government to do next? There are a few components to think about. First, what is next for the conduct of signals intelligence (SIGINT), and second, what is next for redress? This … Continue reading What’s Next for the New Executive Order and the DPRC?

By: Alex Joel, Senior Project Director and Shanzay Pervaiz, Senior Researcher With the new executive order for the Trans-Atlantic Data Privacy Framework (TADPF) expected soon, now is a good time to revisit the goal that it is intended to achieve: satisfying the legal requirements set out by the Schrems II decision. These are typically thought of as … Continue reading Will the TADPF Executive Order Hit the Target?

Rumors are circulating that the Trans-Atlantic Data Privacy Framework executive order will be released as soon as October 3rd. This follows the Biden Administration's announcement of an agreement in principle this year in March. The highly anticipated order brings exciting news, and questions, about how the framework will satisfy European legal requirements. We want to … Continue reading A Reminder of Where We Are Now

This year brought exciting developments to privacy. In March, the Biden Administration announced the Trans-Atlantic Data Privacy Framework (TADPF) to facilitate transatlantic data transfers following the invalidation of the EU-US Privacy Shield.  In June, the House Committee on Energy and Commerce introduced the American Data Privacy and Protection Act (ADPPA), a promising step toward federal … Continue reading A Comparison of the ADPPA and Privacy Shield

By: Alex Joel, Senior Project Director and Shanzay Pervaiz, Senior Researcher, in consultation with Gabriela Zanfir-Fortuna, Senior Advisor In a previous post, Laila Abdelaziz outlined the path to an adequacy decision after the European Commission (EC) and the United States announce an agreement in principle. Almost two years after the Court of Justice of the … Continue reading Challenging the New Privacy Shield Framework: All Paths Lead to the CJEU

To understand how the Schrems II decision is affecting companies' operations, we analyzed annual 10-K reports.  SEC rules require that 10-Ks provide detailed information on certain key topics, including “Risk Factors.” According to the SEC, under this topic heading a company will provide information "about the most significant risks that apply to the company or to its securities." First, we searched for 10-K … Continue reading Is the Schrems II ruling one of the “most significant risks” facing U.S. companies?

Recently, the Data Protection Conference of Germany requested Professor Stephen I. Vladeck to provide an expert opinion on the scope of FISA Section 702’s application. In particular, the Data Protection Conference seemed interested in FISA Section 702 having an extraterritorial application. In his testimony, Professor Vladek stated that if an EU company has a U.S. … Continue reading When Can a U.S. Court Exercise Jurisdiction Over a Non-U.S. Entity?