EU-U.S. Privacy Shield Principles Released
Client Alert | 2 min read | 03.01.16
On February 29, the U.S. Department of Commerce published the EU-U.S. Privacy Shield foundational documents, including the framework's updated principles. The European Commission (EC) published the draft adequacy decision for the new framework. While there are no major surprises in the documents, given the earlier press releases, publication will allow companies to begin planning compliance strategies.
For details on the differences between the previous framework (U.S.-EU Safe Harbor) and the new one, please join us on March 9 at Crowell & Moring in Washington, D.C. for a seminar on the EU-U.S. Privacy Shield and the forthcoming EU Data Protection Regulation (GDPR).
Crowell & Moring attorneys from our Brussels and D.C. offices will be joined by U.S. Department of Commerce Deputy Assistant Secretary Ted Dean, lead U.S. negotiator for the EU-U.S. Privacy Shield; and Oracle Vice President of Global Public Policy and Chief Privacy Strategist, Joseph Alhadeff. The seminar will focus on how the proposed framework/regulations differ from predecessors; adjustments to existing compliance programs that may be necessary to meet the new requirements; and hurdles/risks that may arise.
As for the implementation timeline of the EU-U.S. Privacy Shield, there remain several steps before the program is operational. The draft EU-U.S. Privacy Shield adequacy decision will now be subject to consultation by a committee of representatives of the EU Member States and their Data Protection Authorities (Article 29 Working Party), which will issue a (non-binding) opinion on April 12-13, 2016. Afterwards, the draft will have to pass the so called "comitology" (approval) process for EC decisions, which according to the EC, may take until June 2016. During that time, the U.S. will finalize the framework and put the agreed upon redress mechanisms in place.
Contacts
Insights
Client Alert | 3 min read | 11.21.25
On November 7, 2025, in Thornton v. National Academy of Sciences, No. 25-cv-2155, 2025 WL 3123732 (D.D.C. Nov. 7, 2025), the District Court for the District of Columbia dismissed a False Claims Act (FCA) retaliation complaint on the basis that the plaintiff’s allegations that he was fired after blowing the whistle on purported illegally discriminatory use of federal funding was not sufficient to support his FCA claim. This case appears to be one of the first filed, and subsequently dismissed, following Deputy Attorney General Todd Blanche’s announcement of the creation of the Civil Rights Fraud Initiative on May 19, 2025, which “strongly encourages” private individuals to file lawsuits under the FCA relating to purportedly discriminatory and illegal use of federal funding for diversity, equity, and inclusion (DEI) initiatives in violation of Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity (Jan. 21, 2025). In this case, the court dismissed the FCA retaliation claim and rejected the argument that an organization could violate the FCA merely by “engaging in discriminatory conduct while conducting a federally funded study.” The analysis in Thornton could be a sign of how forthcoming arguments of retaliation based on reporting allegedly fraudulent DEI activity will be analyzed in the future.
Client Alert | 3 min read | 11.20.25
Client Alert | 3 min read | 11.20.25
Client Alert | 6 min read | 11.19.25
