Thank you to everyone who participated in yesterday’s webinar “Safe Harbor Invalidated – What Next?”, in which we analyzed the implications of the decision by the Court of Justice of the European Union invalidating the EU-U.S. Safe Harbor Framework. In the webinar, we explored:
- What is the status of data transfers currently being legitimized by Safe Harbor?
- What alternative options are available for Safe Harbor members to lawfully receive data from Europe?
- What steps must Safe Harbor members take to transition to those other options?
- What are Safe Harbor members required to do with EU data already in the U.S.?
- How should companies respond to enquiries from EU clients and regulators concerned about the lack of a lawful basis for transfers?
To access the a copy of the slide deck, click here.
To access the recorded webinar (1 hr 6 mins), click here.
Stay tuned to the blog for future updates , including any interpretations or next-steps guidance from the European data protection authorities, the U.S. Department of Commerce, or the Federal Trade Commission.
On 6 October 2015, the Court of Justice of the European Union (CJEU) declared the EU-US Safe Harbor framework invalid as a mechanism to legitimize transfers of personal data from the EU to the US. This decision effectively leaves any organisation that relied on Safe Harbor exposed to claims that such data transfers are unlawful.
Safe Harbor was jointly devised by the European Commission and the U.S. Department of Commerce as a framework that would allow US-based organisations to overcome the restrictions on transfers of personal data from the EU. Following a dispute between Austrian law student Max Schrems and the Irish Data Protection Commissioner, the CJEU was asked to consider whether a data protection supervisory authority was bound by the European Commission’s decision that Safe Harbor provided an adequate level of protection for European data.
In its ruling, the CJEU goes beyond this specific question and takes the view that Safe Harbor does not in fact provide an adequate level of data protection, because it is unable to prevent large-scale access by the U.S. intelligence authorities to data transferred from Europe.
Emerging technologies. Rapidly evolving markets. Changing regulatory frameworks. Businesses around the globe are affected by these influences and intellectual property (IP) plays a central role. On 4th November, Hogan Lovells, Santa Clara University’s High Tech Law Institute, and the Berkeley Center for Law and Technology are bringing together the IP industry’s thought leaders to discuss these issues and start a conversation around how to turn them into IP opportunities.
As part of the event, a live video conference will connect Silicon Valley and London. This panel, featuring speakers in both locations, will provide updates on patent reform in Europe (namely, the Unitary Patent) and the U.S. (namely, patent reform legislation), and a dialogue about those reforms’ impacts on international patent strategy. The conference will be held concurrently with Hogan Lovells’ annual Patent Seminar in London.
On 29 September, the District Court of Cologne became the third court in Germany to issue a decision in relation to the trilogy of actions launched by large publishers against adblocking software Adblock Plus.
The court rejected publisher Axel Springer’s action against Eyeo GmbH, the German company behind AdBlock Plus. In doing so, the Cologne court agreed with the courts of Hamburg and Munich which in April and May had already rejected parallel actions brought by other large publishing houses, among them RTL, ProSieben Sat.1 Digital and Handelsblatt.
EDITOR’S NOTE: We are excited to present this entry in our new TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace. It also provides an opportunity to highlight contributions by TMT associates across our global offices and practice areas.
On September 17, 2015 the Silicon Flatirons Center at the University of Colorado hosted a conference discussing universal service in the age of broadband. The conference, entitled “Closing the Digital Divide,” examined the FCC’s ongoing efforts to reform universal service and compared those efforts to access to broadband (both wired and wireless) internationally. The conference addressed a range of topics including: 1) low income access to broadband, 2) rural and tribal lands, 3) international broadband access, and closed with a discussion on putting infrastructure into perspective. In this article, we focus on the “digital divide” policy debate over U.S. and international broadband access.
Brett Wilson LLP v Person(s) Unknown
It is possible to set up anonymous websites with ease – but much harder to identify who is behind them. When such websites publish defamatory statements about you or your business, this can make life very difficult, particularly if you rely on clients finding you via online searches.
The High Court has recently granted an injunction and damages in defamation in such a situation. In so doing, it confirmed that it was legitimate for a claimant (who notwithstanding service of a Norwich Pharmacal order had failed to obtain identifying information about the owner/operator of an offending website) to proceed against the defendants as “the persons unknown, responsible for the operation and publication of the website www.solicitorsfromhelluk.com“.
On 15 September, the Hong Kong Monetary Authority (the “HKMA”) issued a letter drawing its authorized institutions’ attention to the increasing importance of cyber security risk management.
The letter comes just weeks after a 24 August letter by the Monetary Authority of Singapore (the “MAS”) warning Singaporean-regulated financial institutions of the importance of improving on their intrusion detection measures as part of cyber security defence planning.
The regulatory focus on cyber security issues in two of Asia’s leading financial services hubs highlights that even though financial institutions in Hong Kong and Singapore are already subject to fairly detailed and comprehensive technology and risk management regulation, cyber risk raises unprecedented challenges and justifies going above and beyond specific regulatory requirements.
The HKMA’s letter notes that the “frequency, stealth, sophistication and potential impact” of cyber security attacks are on the rise. Coupling this with the increasingly varied motivations and affiliations of hackers, the regulator is concerned that conventional risk management controls and philosophies practised by financial institutions need to be adjusted in order to meet the emerging challenges.
The Opinion of the Advocate General (AG) of the Court of Justice of the European Union (CJEU) on the case assessing the status and validity of Safe Harbor has created significant uncertainty relating to its immediate future. While the CJEU has not yet ruled, the AG’s decisions are typically quite influential. The AG’s view is that the Safe Harbor program does not provide an adequate level of data protection and that it should have already been invalidated by the European Commission.
Safe Harbor was the end result of several years of negotiations during the late ’90s between the European Commission and the U.S. Department of Commerce to create a self-regulatory framework that would allow U.S.-based organisations to overcome the restrictions on transfers of personal data from the EU.
Given the lower level of government scrutiny and the widespread use of (mobile) internet, online advertising has become very popular in China. However, in the wake of China’s new Advertising Law, the State Administration of Industry and Commerce (‘SAIC’) has now turned its attention to the online environment, recently issuing its Draft Interim Measures for Supervision and Administration over Internet Advertising (‘Draft Measures’). The Draft Measures have implications for virtually every company providing goods or services in China, and in this post, we summarize the highlights.
Scope of regulated online advertising
Under the Draft Measures, the scope of regulated internet advertising would be enlarged to encompass all “commercial presentations” – including endorsement by celebrities – distributed via websites, emails, social media, instant communication tools and mobile applications. Covered advertisements could be in any format, including words, images, audio and video or “any other format” (we anticipate this would include holograms in the future). This means that advertisements on micro-blogs, on instant messaging services, on mobile applications and via “ad-words” on search engines would be regulated. Companies need to understand the broad scope of the Draft Measures in order to effectively manage their risk.