In an unusual but significant move, on August 4, 2021, the Federal Trade Commission (FTC) removed Aristotle International from the Children’s Online Privacy Protection Act (COPPA) Safe Harbor List. There were 7 organizations on the list, which were approved by the FTC to self-regulate themselves under COPPA, but with this first removal by the FTC,
safe harbor
EU-US Transatlantic Data Flows Subject to Further Legal Challenge
Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States. This referral stems from a new claim by Max Schrems, an Austrian lawyer and privacy activist. Schrems previously …
FTC Approves Modifications to TRUSTe’s COPPA Safe Harbor Program
The Federal Trade Commission (FTC) approved TRUSTe’s proposed modifications to their Children’s Online Privacy Protection Act (COPPA) safe harbor program this week.
COPPA requires, among other things, that commercial website and mobile app operators that knowingly collect personal information from children under age 13 post comprehensive privacy policies on their websites and in their mobile apps, notify parents and guardians of the website’s or mobile app’s information practices, and obtain parental consent before collecting, using or disclosing any personal information from children under age 13. However, COPPA includes a ‘safe harbor’ provision whereby industry groups may seek approval from the FTC to create self-regulatory guidelines that implement “the same or great protections for children” as those in COPPA. Website and mobile app operators that participate in FTC-approved safe harbor programs are subject to the review and disciplinary procedures provided in the safe harbor guidelines in lieu of an FTC’s formal investigation or enforcement.
Continue Reading FTC Approves Modifications to TRUSTe’s COPPA Safe Harbor Program
Transatlantic Data Transfer: An Update
The EU-US Privacy Shield, designed to protect EU citizens’ personal data when it is transferred to US organisations, has now been in place for a couple of months. How is it shaping up?
How we arrived at the Privacy Shield…
Under current EU data protection laws, as well as under the forthcoming General Data…
EU-US Privacy Shield for transatlantic data transfers finalized
This article co-authored with guest blogger Peter Wainman, a partner with Mills & Reeve LLP
Transfers of personal data from most European countries to the U.S. have been exposed to legal attack since October 2015, when privacy campaigner Max Schrems successfully sued the Irish authorities over data transfers made by Facebook Ireland. The main objection…
Update on the U.S.- EU Privacy Shield
As we previously reported, this February, United States (U.S.) and European Union (EU) negotiators announced the “U.S.-EU Privacy Shield” as a replacement to the U.S. Safe Harbor. Many U.S. companies relied on the Safe Harbor to transfer data from the EU to the US. The Privacy Shield negotiations were accelerated in response to the…
Privacy Shield’s prospects: the good, the bad, and the ugly
This article courtesy of guest blogger Prof. Peter Margulies of Roger Williams University School of Law and originally appeared in the Privacy blog of The Lawfare Institute.
If the devil is in the details, then the announcement early Monday of the inner workings of the new US-EU data-transfer agreement, Privacy Shield, may lack the…
EU Safe Harbor Program declared invalid by EU’s highest court
The European Court of Justice, (the EU’s highest court), ruled on Tuesday, October 6th that the safe harbor pact between the EU and the U.S. should be declared invalid because it fails to provide adequate protection for EU citizens’ data. The ruling follows Advocate General Yves Bot’s opinion (covered here) two weeks ago…