All Max Schrems articles
-
Premium
Expert views mixed on viability of new EU-U.S. data transfer framework
The European Commission might have given a green light to the latest mechanism to allow safe data transfers between the European Union and the United States, but experts have mixed views regarding how long it will last and whether it is even legal.
-
News Brief
EU adopts Privacy Shield replacement for U.S. data transfers
The European Commission announced it adopted a new agreement with the United States to allow for transatlantic data flows without fear of violating the European Union’s General Data Protection Regulation.
-
News Brief
Swedish DPA fines Spotify $5.4M for ‘low level’ GDPR lapses
Sweden’s data protection authority levied a fine of 58 million Swedish krona (U.S. $5.4 million) against music streaming service Spotify following an audit on how the company handles customers’ rights to access their personal data.
-
News Brief
Meta fined $414M for targeted advertising GDPR breaches
The Irish Data Protection Commission fined Meta Ireland a total of €390 million (U.S. $414 million) for breaching the General Data Protection Regulation by forcing users to agree their personal data can be used for targeted advertising to access Facebook and Instagram.
-
Article
U.S. includes surveillance concessions in new transatlantic data flow framework
President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.
-
Article
Experts optimistic, though wary, toward Privacy Shield successor
Legal and data privacy experts have expressed cautious optimism regarding the announcement that the United States and European Union have reached an agreement in principle to resume transatlantic data flows.
-
Article
Third time’s the charm? Agreement in principle reached on U.S.-EU data flows
The United States and European Union have reached an agreement in principle on how to handle transatlantic data flows, a thorny issue that has resulted in two prior frameworks being scrapped by the EU’s top court.
-
Article
‘Soft-hearted’ Irish DPC proposes $42M GDPR fine against Facebook
The Irish Data Protection Commission has set out plans to fine Facebook between €28 million and €36 million (U.S. $32 million and $42 million) for violations of the General Data Protection Regulation.
-
Article
EU privacy advocate targets Facebook, Google in latest salvo
Privacy campaign group NOYB has filed complaints against 101 websites with European operators that it says are still sending data to the U.S. via Google and/or Facebook integrations—potentially in breach of the EU’s strict data privacy rules.
-
Article
Five tips for EU-U.S. data transfers post-Privacy Shield
As the fallout from the demise of the Privacy Shield continues to play out, here are a handful of steps companies can take to protect themselves from potential GDPR violations when transferring data between the European Union and the United States.
-
Article
Companies paying price for EU-U.S. Privacy Shield removal
The legal and financial burden for companies to comply with the recent ruling to invalidate the EU-U.S. Privacy Shield might actually be worse than first thought, if an FAQ from the European Data Protection Board is any indication.
-
Article
Europe’s top court strikes down U.S.-EU data transfer rule
In a surprise decision that will have a major impact on trans-Atlantic data transfers, Europe’s top court ruled Thursday that a mechanism used by thousands of companies to send data to the United States is unlawful.
-
Article
Top EU advisor: Clauses used for EU-U.S. data transfers ‘valid’
Big Tech can breathe a sigh of a relief that the mechanisms it uses to transfer data outside of the European Union to “third countries” provide sufficient privacy protection, according to a key advisor to the EU’s top court.
-
Article
Privacy advocate Schrems foresees lax enforcement of GDPR
Speaking at the recent Compliance Week Europe conference in Amsterdam, leading privacy campaigner Max Schrems cast doubt on whether the newly enacted GDPR would have any teeth.