fbpx

Download free GDPR compliance checklist!

Tag Archives for " Standard contractual clauses "

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors for the matters referred to in Article 28 of GDPR.

Use of the Clauses is not compulsory, and controllers and processors may still choose to negotiate individual contracts to satisfy the requirements of Article 28 GDPR and allow a certain degree of flexibility.

The Clauses are currently open for public consultation until 10 December 2020.

Source: European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses | Alston & Bird Privacy Blog

Schrems gets a judicial review of the Irish DPC’s procedure

European privacy campaigner Max Schrems has been granted a judicial review of the Irish regulator’s handling of his complaint.

He’s expecting the hearing to take place before the end of the year — and is hoping the action will, at long last, lead to a suspension of Facebook’s EU-US data transfers.

Schrems says his aim is to “kick start a ‘paused’ complaints procedure’” after Ireland’s Data Protection Commission (DPC) chose to open a new case procedure last month — simultaneously pausing its handling of his original complaint, which dates back some seven years at this point.

Source: Facebook EU-US data transfer complaint: Schrems gets a judicial review of the Irish DPC’s procedure | TechCrunch

New mechanism for EU data transfers ‘may be ready by Christmas’

A revised mechanism for transferring EU data outside of the EU may be ready by Christmas, according to the EU’s digital chief.

The new plan comes after the Schrems II ruling by the Court of Justice of the European Union in July, which invalidated the EU-US Privacy Shield transfer mechanism and upheld Standard Contractual Clauses (SCCs).

Source: New mechanism for EU data transfers ‘may be ready by Christmas’

What to expect on revised standard contractual clauses

In wake of the “Schrems II” decision, this is what companies should think about when the European Commission releases revised standard contractual clauses.

The most probable scenario for the additions to the SCCs is that the revised SCCs will contain an additional representation from the data exporter that it has verified — and is satisfied — that the law of the third country of destination ensures adequate protection under EU law for the transferred data and that the level of protection required by EU law is respected in the country of destination. There also may be an additional requirement imposed on the data importer to assist the data exporter with making this determination, if so requested by the data exporter.

Full article: What to expect on revised standard contractual clauses

Facebook told it may have to suspend EU data transfers after Schrems II ruling

Ireland’s data protection watchdog, the DPC, has sent Facebook a preliminary order to suspend data transfers from the EU to the US.

The preliminary suspension order follows a landmark ruling by Europe’s top court this summer which both struck down a flagship data transfer arrangement between the EU and the US and cast doubt on the legality of an alternative transfer mechanism (aka SCCs) — certainly in cases where data is flowing to a non-EU entity that falls under US surveillance law.

Source: Facebook told it may have to suspend EU data transfers after Schrems II ruling | TechCrunch

European Parliament Held Meeting on Future of EU-U.S. Data Flows

On September 3, 2020, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament held a meeting to discuss the future of EU-U.S. data flows following the Schrems II judgment of the Court of Justice of the European Union (CJEU).

In addition to Members of the European Parliament , the meeting’s participants included Justice Commissioner Didier Reynders, European Data Protection Board (EDPB) Chair Andrea Jelinek and Maximilian Schrems. Importantly, Commissioner Reynders stated during the meeting that the new Standard Contractual Clauses might be adopted by the end of 2020, at the earliest.

Source: European Parliament Meeting on Future of EU-U.S. Data Flows

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg published guidance on international transfers of personal data following the Schrems II judgment.

This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the Schrems II decision. As well as including a Schrems II compliance checklist, it provides some recommendations on modifying the Standard Contractual Clauses to allow the parties to document their intent to act in accordance with the law.

Source: German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

What Privacy Shield organizations should do in the wake of ‘Schrems II’

The Court of Justice of the European Union issued its decision in “Schrems II” Thursday, a landmark decision that invalidates the EU-U.S. Privacy Shield arrangement.

Fortunately, the CJEU did not invalidate the European Commission’s standard contractual clauses for transfers to data processors. However, the rationale behind the court’s ruling on Privacy Shield (which focused on concerns about U.S. law and practice on government surveillance) would suggest that companies will need to evaluate their use of SCCs.

So, what now?

Full article: What Privacy Shield organizations should do in the wake of ‘Schrems II’

What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for you

On the 16th of July, one of the most anticipated cases in data protection, case C-311/18 — Facebook Ireland versus Schrems — will be delivered by the EU Court of Justice.

The verdict in the groundbreaking “Schrems 2.0” case will dictate whether the widely used Standard Contractual Clauses (SCCs) and the EU/USA Privacy Shield will remain a valid means of transferring personal data to countries outside the EEA under the EU’s GDPR.

Full article: What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for your organisation and how to prepare for the 16th of July

German Supervisory Authority Publishes New Standard Clauses for Processors

On April 9, 2020, the German Supervisory Authority of Baden-Wuerttemberg published standard contractual clauses for data processors pursuant to Article 28(8) GDPR.

It is the first German Supervisory Authority to do so, and the second in EU after the Danish Supervisory Authority published its own standard clauses in July 2019.

Source: German Supervisory Authority Publishes New Standard Clauses for Processors

>