fbpx

Download free GDPR compliance checklist!

Tag Archives for " Standard contractual clauses "

What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for you

On the 16th of July, one of the most anticipated cases in data protection, case C-311/18 — Facebook Ireland versus Schrems — will be delivered by the EU Court of Justice.

The verdict in the groundbreaking “Schrems 2.0” case will dictate whether the widely used Standard Contractual Clauses (SCCs) and the EU/USA Privacy Shield will remain a valid means of transferring personal data to countries outside the EEA under the EU’s GDPR.

Full article: What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for your organisation and how to prepare for the 16th of July

German Supervisory Authority Publishes New Standard Clauses for Processors

On April 9, 2020, the German Supervisory Authority of Baden-Wuerttemberg published standard contractual clauses for data processors pursuant to Article 28(8) GDPR.

It is the first German Supervisory Authority to do so, and the second in EU after the Danish Supervisory Authority published its own standard clauses in July 2019.

Source: German Supervisory Authority Publishes New Standard Clauses for Processors

Advocate general thinks Standard Contractual Clauses are valid for data transfers out of EU

Henrik Saugmandsgaard Oe, advocate general to the Court of Justice of the European Union (CJEU), in his opinion issued yesterday said the use of so-called standard contractual clauses by Facebook and other firms to transfer information abroad is “valid.”

His non-binding opinion is not a ruling as such, but legal experts say opinions from the advocate general are typically followed by the court in a majority of cases. The CJEU will rule on the case in the coming months.

Source: Schrems vs. Facebook: Legal advisor to EU supreme court gives opinion

AG Opinion in Schrems II Delayed

The Advocate General’s (AG) Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (so called “Schrems II”), has been delayed until the 19 th December 2019.

The primary question before the European Court of Justice, and the AG, in Schrems II is whether the European Commission’s standard contractual clauses are valid for transfers of personal data to the United States.

Source: UPDATE: AG Opinion in Schrems II Delayed

CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

On July 9 the Court of justice of European Union had its session in so called Schrems II case. The question is; whether U.S. law on the access of national security agencies to the personal data of non nationals, the Foreign Intelligence Service Act, breaks European data protection laws. And if so, does that invalidate currently legal data transfer mechanisms?

Court heard from the Irish Data Protection Commissioner, Facebook, the Electronic Privacy Information Center, DigitalEurope, the Business Software Alliance, the European Commission, the European Data Protection Board, the U.S. government as well as several EU countries and representatives of Max Schrems himself.

The EU court’s Advocate General Henrik Saugmandsgaard Øe said he will give his non-binding opinion in the case December 12 this year, with a full decision expected by early 2020.

Source: CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

On July 9th, Europe’s highest court – the Court of Justice of the European Union (CJEU) – is set to hear a case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA.

There is a significant risk the CJEU will declare these transfer mechanisms as invalid. If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Read full article: SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

Privacy Shield and Standard Contractual Clauses will be assessed by European Courts

On the first and second of the July, the General Court of the European Union (which is part of the Court of Justice of the European Union (CJEU)) will hear a case against the EU-U.S. Privacy Shield brought by three French NGOs, La Quadrature du Net, French Data Network and Fédération FDN.

A week later, on 9 July, the CJEU will hear arguments in Schrems II, in which the Irish High Court has referred 11 questions relating to whether the European Commission’s Standard Contractual Clauses (SCCs) provide an adequate level of protection for personal data which is transferred to the US.

Judgments in these cases are expected towards the end of 2019 or beginning of 2020. there is high probability that either or both the Privacy Shield and SCCs will be invalidated as a mechanism for transferring personal data outside the EU, in a similar manner to the invalidation of Safe Harbor in 2015.

Source: Transfers on Trial: Privacy Shield and Standard Contractual Clauses go before the European Courts

Supreme Court dismisses Facebook appeal over transfer of user personal data to the US

Ireland’s Supreme Court has dismissed Facebook’s appeal over a High Court decision to refer key issues concerning the validity of European Commission decisions approving EU-US data transfer channels to the Court of Justice of the EU.

The referral was made by the High Court in proceedings by the Data Protection Commissioner (DPC) arising from complaints by Austrian lawyer Max Schrems the transfer of his personal data by Facebook to the US breached his data privacy rights as an EU citizen.

Source: Supreme Court dismisses Facebook appeal over transfer of user personal data to the US – Independent.ie

Are the Standard Contractual Clauses Enough?

The European Union’s General Data Protection Regulation (“GDPR”) is arguably the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018, there continues to be a great deal of confusion regarding the requirements of the GDPR.

To help address that confusion, Bryan Cave is publishing a multi-part series that discusses the questions most frequently asked by clients concerning the GDPR.

Source: Bryan Cave – GDPR: The Most Frequently Asked Questions: Are the Standard Contractual Clauses Enough?

Standard contractual clauses challenged by GDPR and scrutinized by CJEU

The EU Standard contractual clauses have been the most frequently used means for data transfers outside the EU. Under the EU General Data Protection Regulation (“GDPR”), which comes into effect in May this year, the EU Standard contractual clauses provide for “appropriate safeguards” validating transfer of personal data to a third country or an international organisation.

Source: Standard contractual clauses challenged by GDPR and scrutinized by CJEU – Lexology

>