November 19, 2018

November 16, 2018

Subscribe to Latest Legal News and Analysis

Privacy Shield: Initial Data Protection Authority Guidelines

US organizations are taking a conservative approach towards the EU-US Privacy Shield Framework (Privacy Shield) based in part on a lack of regulatory guidance and potential future scrutiny. On September 12, the data protection authority (DPA) of North Rhine Westphalia (LDI), Germany issued its own “guidelines“ for data exporters that highlight some of the DPA’s concerns regarding the Privacy Shield.

The German DPA warned companies that all data exporters in its jurisdiction must verify that

  • the data importer must be registered under the Privacy Shield and that such certifications must be valid;

  • the data importer must fulfill its “notice” and “onward transfer obligations”; and

  • the German laws for general controller-processor data processing generally apply (Sec 11 German Data Protection Act).

In addition, the DPA noted that the data exporter needs to document that it has complied with all of these obligations before sending any data to the data importer. Currently, there is no need to notify this DPA, but the DPA states that it will raise any issues with regard to the Privacy Shield directly with the data exporters in their jurisdictions and in the framework of the annual review of the Privacy Shield with the US government.

Copyright © 2018 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Dr. Axel Spies, Telecommunications and technology lawyer, Morgan Lewis
Special Legal Consultant

Dr. Axel Spies has advised clients for many years on various international issues, including licensing, competition, corporate issues, and new technologies such as cloud computing. He counsels on international data protection (EU General Data Protection Regulation), international data transfers (Privacy Shield), healthcare, technology licensing, e-discovery, and equity purchases. A member of the Sedona Conference on Electronic Discovery, Dr. Spies is frequently quoted in the media for his telecommunications and privacy knowledge.

202-373-6145
Peter Watt-Morse, Morgan Lewis, Intellectual property lawyer
Partner

Peter M. Watt-Morse, one of the founding partners of the firm’s Pittsburgh office, has worked on all forms of commercial and technology transactions for more than 30 years. Peter works on business and intellectual property (IP) matters for a broad range of clients, including software, hardware, networking, and other technology clients, pharmaceutical companies, healthcare providers and payors, and other clients in the life science industry. He also represents banks, investment advisers, and other financial services institutions.

412-560-3320
Cindy L. Dole, Morgan Lewis, Technology IP Lawyer, Finance matters Attorney
Associate

Cindy L. Dole collaborates with clients at the intersection of technology, intellectual property (IP), and finance. In her technology-based transactional practice, she advises on matters including corporate partnering, open source software strategy, distribution and sales arrangements, cloud computing, and other electronic commerce (e-commerce). Additionally, Cindy helps companies develop and implement IP strategy in connection with financings, mergers, acquisitions, and initial public offerings (IPOs). 

650.843.7563