PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Webinar: Cross-Border Data Transfers: What’s Next?

  If you couldn’t make my webinar to discuss cross-border data transfers, you can watch the replay here. Justin Antonipillai of Wirewheel, Josh Harris of BBB National Programs and I discussed the new framework between the US and the EU for cross-border data transfers as well as the CBPRs.  We also discussed steps that companies […]

The Limitations of Privacy Rights

Limitations of Privacy Rights - Daniel Solove 02

I have posted a draft of my new article, The Limitations of Privacy Rights, on SSRN where it can be downloaded for free.  The article critiques the effectiveness of individual privacy rights generally, as well as specific privacy rights such as the rights to information, access, correction, erasure, objection, data portability, automated decisionmaking, and more. […]

China’s PIPL vs. the GDPR: A Comparison

China PIPL vs. EU's GDPR Comparison - TeachPrivacy Privacy Training 01

How does China’s new Personal Information Protection Law (PIPL) compare to the European Union’s GDPR?  In this post, I provide a quick PIPL vs. GDPR comparison. In comparing the PIPL with the GDPR, I will note a few key similarities and differences — my comparison is not comprehensive. Comparing PIPL and GDPR: Similarities  A few […]

New Casebook – EU Data Protection and the GDPR

EU Data Protection and the GDPR Casebook

I’m pleased to announce that Paul Schwartz and I have launched a new casebook, EU Data Protection and the GDPR. Developed from the casebook Information Privacy Law, this paperback contains key cases and materials focusing on privacy issues related to the GDPR and data protection in the European Union. Topics covered include the GDPR, Schrems cases, […]

The Deal with Data Rights: An Interview with Heather Federman

Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.  

Video – Privacy Conversations – Schrems II Aftermath with Justin Antonipillai and Peter Swire

  In this video, I discuss the aftermath of Schrems II with Justin Antonipillai (Wirewheel) and Peter Swire (Georgia Tech and Alston & Bird). Peter Swire’s new Lawfare piece on how to address the individual redress issue is After Schrems II: A Proposal to Meet the Individual Redress Challenge.

The Impact of the Schrems II Decision: An Interview with Wim Nauwelaerts

Schrems II

In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of […]

Schrems II: Reflections on the Decision and Next Steps

Schrems II - US Surveillance Law

Professor Paul Schwartz and I recently edited the Schrems II decision for our Information Privacy Law casebook.  Schrems II is short for Facebook Ireland Ltd. v. Maximillian Schrems — the second challenge by Maximillian Schrems to the transfer of data between the EU and US.  In Schrems I, the European Court of Justice (CJEU) invalidated the Safe […]