PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Schrems II: Reflections on the Decision and Next Steps

Schrems II - US Surveillance Law

Professor Paul Schwartz and I recently edited the Schrems II decision for our Information Privacy Law casebook.  Schrems II is short for Facebook Ireland Ltd. v. Maximillian Schrems — the second challenge by Maximillian Schrems to the transfer of data between the EU and US.  In Schrems I, the European Court of Justice (CJEU) invalidated the Safe […]

Video: Schrems II Initial Reactions with Daniel Solove, Justin Antonipillai, Gabriela Zanfir-Fortuna, Jocelyn Aqua, Ralf Sauer, and Bob Litt

  Yesterday, the European Court of Justice issued its decision in Facebook Ireland v. Schrems, a case known as Schrems II.  The court’s opinion sent shock waves throughout the privacy world.  I had a terrific discussion with Justin Antonipillai (Wirewheel), Gabriela Zanfir-Fortuna (Future of Privacy Forum), Ralf Sauer (European Commission), Jocelyn Aqua (PwC) and Bob […]

Video: Schrems II Initial Reactions with Daniel Solove, Justin Antonipillai, Gabriela Zanfir-Fortuna, Ralf Sauer, and Bob Litt

Video - discussion of Scrhems II

The European Court of Justice just issued its decision in Facebook Ireland v. Schrems, and the court’s opinion sent shock waves throughout the privacy world.  I had a terrific discussion with Justin Antonipillai (Wirewheel), Gabriela Zanfir-Fortuna (Future of Privacy Forum), Ralf Sauer (European Commission), and Bob Litt (Morrison & Foerster, former General Counsel for the […]

The Schrems II Decision

Privacy Shield

The European Court of Justice has finally issued its decision in Facebook Ireland Ltd. v. Maximillian Schrems — otherwise known as Schrems II. The full text of the Schrems II opinion is here. The result: The US-EU Privacy Shield Framework is invalid.  The Standard Contractual Clauses are valid.  Ultimately, this means that it is still […]

Cartoon: GDPR Lawful Basis

Cartoon GDPR Lawful Basis - TeachPrivacy GDPR Training

This cartoon is about the GDPR’s lawful basis requirement to process personal data. One of the biggest differences between U.S. and EU privacy law is that in the U.S., organizations can collect and use personal data in nearly any way they choose as long as they state what they are doing in their privacy notice […]

Top 10 Privacy Law Developments of the Decade 2010-2019

Top 10 Privacy Law Developments of the Decade 2010-2019 02

It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments. NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective.  What is notable privacy law depends upon where one […]

Cartoon: Multi-Jurisdictional Privacy Law Compliance

Cartoon Multi-Jurisdictional Privacy Law Compliance Poodle - TeachPrivacy CCPA Training 02 small

This cartoon depicts the challenges of multi-jurisdictional privacy law compliance. In 2018, organizations scrambled to comply with the GDPR.  In 2019, businesses are scrambling to comply with the California Consumer Privacy Act (CCPA).  And, there will be a new referendum on privacy law in California next year — CCPA 2.0.  There’s a flurry of legislative […]

Developing a Multi-Jurisdictional Approach to Privacy Laws — An Interview with K Royal

Global Privacy Law

I’m thrilled to interview K Royal, Senior Director, Western Region, Privacy, at TrustArc. K has had a long career in privacy law, having served as privacy counsel for several companies. She’s also an adjunct professor at Arizona State University. Prof Solove: What is the need for a multi-jurisdictional approach to privacy laws? K Royal: With the European […]

Cartoon: Cookies and the GDPR

Cartoon Cookies and the GDPR

This cartoon depicts how, after the GDPR, countless websites have cookie notices and require agreeing to accept cookies.  I find these cookie notices to be form over substance.  These notices are virtually meaningless and don’t help consumers. They are a nuisance.  They give privacy a bad name because people start to think that privacy is […]

Entering the New Age of Privacy in the US: Learning from GDPR — An Interview with Daniel Barber

I had the chance to interview Daniel Barber, CEO and Co-founder of DataGrail. DataGrail is a purpose-built privacy management platform that ensures sustained compliance with the GDPR, CCPA, and forthcoming regulations. Their customers span a variety of industries and include Databricks, Plexus Worldwide, TRI Pointe Homes, Outreach, Intercom, and SaaStr. Daniel and I spoke about the lessons […]