Germany Moves to Amend Privacy Laws in Anticipation of the EU’s General Data Protection Regulation

With the EU’s General Data Protection Regulation (GDPR) scheduled to go into effect in May of 2018 – an ambitious effort to harmonize a patchwork of EU privacy laws and create a uniform privacy regime that restricts the collection, processing and use of individual information – Germany has become the first member state to amend its own privacy laws in anticipation of the coming changes. In May 2017, the German Federal Council (‘Bundesrat’) passed an act intended to bring the current German data protection laws in line with the requirements of the GDPR. On July 5, 2017, the new German Federal Data Protection Act (‘Bundesdatenschutzgesetz’), referred to as the German Data Protection Act, was countersigned by the German Federal President and published in the Federal Law Gazette. The Act utilizes some of the framework and concepts of the GDPR to enhance Germany’s existing data protection rules, while at the same time modifying existing German privacy rules to allow for certain data to be used more freely in cases of national security and employment. Under the new German law, employee data can be processed if “necessary” to establish or carry out the employment relationship (for example, to enforce a collective bargaining agreement)....

Second Circuit Reverses Lower Court Microsoft Decision and Holds That Email Evidence Stored Abroad Cannot Be Gathered Pursuant to Criminal Warrant Issued Under Stored Communications Act

In a prior post, we reported that Southern District of New York Magistrate Judge Francis determined that Microsoft must comply with a U.S. Government warrant seeking a user’s email content, even though the emails are stored in Microsoft’s datacenter in Dublin, Ireland. After the lower court declined to quash the subpoena and held Microsoft in contempt for failing to turn over customer content stored abroad, Microsoft appealed to the Second Circuit. On July 14, 2016, the appeals court issued an extensive opinion reversing the lower court’s ruling.

New “Privacy Shield” for EU-U.S. Data Transfers Gains Acceptance by Europe and U.S. Regulators

As previously noted, in response to the European Court of Justice ruling in Schrems v. Data Protection Commissioner (Case C-362/14) striking down as inadequate the so-called “safe harbor” agreement that existed for more than a decade, the EU Commission and U.S. Department of Justice announced the framework of a deal to allow transatlantic data transfers between the EU and U.S. without running afoul of Europe’s strict data protection directives. Described as the EU-U.S. “Privacy Shield” agreement, that framework has now been vetted by EU Member States, modified in certain respects, and formally adopted on July 12, 2016 by the European Commission.

New York Federal Court Weighs in on Apple Encryption Debate

Anyone reading recent headlines knows that Apple, Inc. is engaged in a legal, and ultimately political, struggle with the U.S. Government over access to the cell phone of Syed Rizwan Farook, one of the shooters in the December 2, 2015 terror attack at the Inland Regional Center in San Bernardino, California. The core issue in that California proceeding is whether Apple should be forced to “create and load Apple-signed software onto the subject iPhone device to circumvent the security and anti-tampering features of the device in order to enable the government to hack the passcode to obtain access to the protected data contained therein.”

New “Privacy Shield” Agreement Seeks to Resurrect a Safe Harbor for EU-U.S. Data Transfers – Can it Succeed?

On February 2, 2016, the EU Commission and U.S. Department of Justice announced the framework of a deal to allow transatlantic data transfers between the EU and U.S. without running afoul of Europe’s strict data protection directives. It was appropriate that the announcement came on Groundhog Day, because we have been here before.

#Do-Not-Disclose — Twitter Sues Government Alleging Free Speech Violation

Twitter’s ubiquitous 140-character-or-less tweets are not, the company argues, sufficiently similar to email or other forms of stored electronic information to warrant lumping them together with the likes of Google, Microsoft, Facebook, Yahoo!, or Apple, all of which have agreed to restrictive limitations on their public reporting of government surveillance. Twitter has sued the U.S. Government in federal court in California to make its point.

New York Court Rules Email Evidence Stored Abroad is Subject to Criminal Warrant Issued Under Stored Communications Act

Southern District of New York Magistrate Judge Francis has determined that Microsoft must comply with a U.S. Government warrant seeking a user’s email content even though the emails are stored in Microsoft’s datacenter in Dublin, Ireland. The decision is likely to get widespread attention and be the subject of future court review, as it expands the reach of a government criminal warrant beyond the borders of the United States to allow for the collection of evidence abroad.

Nothing “Safe” About It: Companies That Falsely Certify Compliance with the U.S.-E.U. Safe-Harbor Framework May Receive Years of Regulatory Oversight

In 2000, the European Commission and U.S. Department of Commerce developed the so-called “U.S.-E.U. Safe-Harbor Framework” as a way to foster data transfer between the United States and E.U. countries notwithstanding concerns that U.S. privacy laws do not offer the same level of protection as E.U. laws with respect to personally identifiable information. As part of the safe-harbor framework, companies that choose to enter the program must publicly declare compliance with the safe-harbor requirements, which include adherence to seven privacy principles touching on the areas of notice, access, data integrity, individual choice (opt in/out rules), security, third-party transfer, and enforcement. The principle of “enforcement” includes making sure that procedures are in place to verify a company’s adherence to the rules and a sanctions regime sufficient to ensure compliance.

Judge Scheindlin Weighs Comity Concerns and Orders Production of Documents from Bank of China Despite Violation of Chinese Laws

In Aerospatiale v. District Court of Iowa, the United States Supreme Court admonished lower courts that international comity compels them to “take care to demonstrate due respect for any special problem confronted by the foreign litigant on account of its nationality or the location of its operations, and for any sovereign interest expressed by a foreign state.” As previously noted, some prominent groups such as the ABA and The Sedona Conference® recently have developed principles and standards to help courts heed that advice.