Privacy Shield Finalized – How Everyone Can Take Advantage of the New European Data Transfer Framework


The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for national data-protection laws in each EU Member State.  The Directive states that personal data may only be transferred to countries outside the EU when an “adequate” level of protection is guaranteed.  Few exemptions apply, and the laws of the United States are not considered by the European Union as providing an adequate level of data protection.  As a result, if a company intended to transfer personal data from the EU to the U.S., it traditionally had to achieve the Directive’s required “adequacy” status through: Safe Harbor certification; standard contractual clauses; or binding corporate rules….


The Top Three Privacy Takeaways of the New Delaware Online Privacy and Protection Act

Delaware’s New Privacy Policy Requirements

Effective January 1, 2016, Delaware became the second state in the U.S., joining California, to require operators of commercial websites that collect personally identifiable information to post online privacy policies. The Delaware Online Privacy and Protection Act (DOPPA) applies to anyone who operates a “commercial internet website, online or cloud computing service, online application, or mobile application.”…