Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007.

Slides:

Advertisements

Similar presentations

European Judicial Network The EJN website:

Advertisements

Damon Greer Safe Harbor Program October 15, 2007

SARQA/DKG Conference 3-4 October SARQA/DKG Conference 3-4 OCTOBER 2002 Annex 13 Update An Industry Perspective Michael J Cooke Director, Global.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

1 SPORT AND COMPETITION LAW AT EU LEVEL Madrid, february 2007 MICHELE COLUCCI

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

Regional Policy EUROPEAN COMMISSION 1 EGTC regulation EGTC regulation ESF and EGTC regulations Regulation of the European Parliament and of the Council.

European Commission: 1 Environmental Noise Directive 7-8 October 2010 EEA, Copenhagen.

1 Information meeting Communications Activities in the framework of the MEDA regional Information & Communication Programme targeting Youth in the Mediterranean.

1 Unit C3 Finance, legal Affairs and Partner support CALL FOR PROPOSALS APPLICATION PROCEDURE SPECIFIC ADMINISTRATIVE AND FINANCIAL ISSUES Version

Chasing after debtors The Review of Brussels I Regulation and transparency of debtors assets Chris Pitt-Lewis December 2011.

The EU I2010 benchmarking framework and its implementation GENEVE 29 June 2008.

EU Personal Data Transfers: The Perspective of a Friendly U.S. Harborite And AMCHAM EU Member Christopher Foster Assistant General Counsel, Data Privacy.

1 Agencia Española de Protección de Datos AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL.

CONFERENCE ON CROSS BORDER DATA FLOWS & PRIVACY

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.

GE’s Binding Corporate Rules: Achievements, Challenges and Solutions

LLM 2010/11 EU Environmental Law I The EU on the International Stage.

1 CHILDREN’S RIGHTS UNDER EUROPEAN UNION LAW Dr Geoffrey Shannon Solicitor Special Rapporteur on Child Protection Friday, 13 December 2013.

EU Market Situation for Eggs and Poultry Management Committee 21 June 2012.

FP7 Grant Agreement Amendments: basic principles and processing

Work programme 2009 – Info Day European Commission – DG Enterprise & Industry E-M. Engdahl Information Day 16th September 2009 REA - Brussels Seventh Framework.

8 th IG-Meeting Coordinated Auctioning, Auction Office and Organisational Issues Christian Todem Vienna

1 EUROPEAN UNION LEGISLATION AND ITS IMPLEMENTATION IN THE UK.

A European Data Protection Framework for the 21st century Paul NEMITZ Director DG JUSTICE – Fundamental Rights and Union Citizenship.

CHAPTER 2 The sources of contractual terms. Introduction This section concerns the contract of employment and how it comes into existence. It is important.

Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.

1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.

Sarah Branam Mehmet MunurDino Tsibouris

E-commerce Law Jurisdiction. Jurisdiction is relevant to e-commerce law in 2 ways: 1.Private International Law 2.Taxation implications.

Robert L. Rothman Donald A. Cohn

EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

From European to international standards on data protection (1/2)

Class 13 Internet Privacy Law European Privacy.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

Clinical Research Conference 2012 Legal, Ethical, and Social Dimensions of Clinical Research Takis Vidalis, Ph. D., Hellenic National Bioethics Commission.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

1 SAFE HARBOR FRAMEWORK Barbara S. Wellbery Morrison & Foerster LLP 2000 Pennsylvania Avenue Washington, DC /

Study on the Implementation of the European Regulation (EC) N° 1370/2007 on public passenger transport services by rail and by road of 23 October 2007.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

Undertakings for collective investment in transferable securities (UCITS) Worldbank Global Development Learning Network The Advanced Program in Accounting.

Preparation of future ENI CBC programmes - State of Play Vanessa De Bruyn (DG DEVCO) 3 December 2012.

Forum INFOBALT 2002 Vilnius, October 21, 2002 Current ICC Initiatives Relating to Data Protection Christopher Kuner Hunton & Williams, Brussels Vice-Chair,

©2012 Morrison & Foerster (UK) LLP | All Rights Reserved | mofo.com Data Protection Masterclass: The New Draft EU Data Protection Regulation 19 September.

1 Agencia Española de Protección de Datos The Use of Contracts and BCRs to Transfer Personal Data The European Union – United States Safe Harbor framework:

1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.

Key Points for a Privacy Programme for Multinationals Steve Coope.

1 M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 9 – Financial Services Bilateral.

TRANSBORDER DATA FLOWS INA MEIRING. THE PROTECTION OF PERSONAL INFORMATION ACT (“POPI”) > 'personal information' means information relating to an identifiable,

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Industry 4.0 – New ways of cooperative working – are we prepared?

Peter Swire Holder Chair of Law and Ethics

Data Protection: EU & International

Data Protection The Current Regime

Information Governance and Data Privacy: A World of Risk

EU Directive 95/46/EC (Paragraph 2) “Whereas data-processing systems are designed to serve man; whereas they must Respect their fundamental rights.

Bob Siegel President Privacy Ref, Inc.

The Mutual Recognition Regulation

Employee Privacy and Privacy of Employee Information

חוק הגנת הפרטיות בהשוואה ל GDPR

Data transfers to non-EU countries under the new GDPR

EU Data Protection Legislation

Presentation transcript:

Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007

1 Options for Transborder Data Flows Consent Contractual necessity + others Standard clauses Bespoke contract US Safe Harbor Approved destination Strategies for Transborder Data Flows Binding Corporate Rules

2 Standard Contractual Clauses –Article 26 (4) of Directive 95/46/EC –Member States required to authorize transfers based on EU Commission standard contractual clauses –3 sets of clauses so far: – index_en.htmhttp://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/ index_en.htm –Transfers between Data Controllers (Commission Decision 2001/497/EC of June 15, 2001) –Transfers between a Data Controller and a Data Processor (Commission Decision 2002/16/EC of December 27, 2001) –Transfers between Data Controllers - ICC version (Commission Decision C2004/5271 of December 27, 2004)

3 Standard Data Controller Clauses –Initial version June 2001 –Data Exporter agrees to: –warrant DP compliance in home country –provide access to the standard clauses to data subjects –respond to DPAs enquiries –Data Importer agrees to: –abide by DP mandatory principles (in Appendix 2) –Third party rights for data subjects –Joint and several liability

4 Standard Data Processor Clauses –Similar obligations for Data Exporter –Reduced obligations for Data Importer –process only upon instructions –implement specific security measures –No joint and several liability –Data Importer liable only if Data Exporter disappears factually or ceases to exist legally

5 ICC Standard Clauses –New version December 2004 –Some improvements over previous controller clauses –no joint and several liability –more pragmatic principles (e.g. exceptions to subject access rights) –more business friendly language BUT… –still designed for point to point use –only cover controller to controller transfers (though work at an advanced stage on controller to processor clauses to address e.g. sub-contracting issues)

6 Practical issues of application –Variety of application throughout the EU –Procedure required: none - filing – approval –Level of details required in the schedules –Language issue (translation requirement) –Additional clauses: allowed or not in practice (bespoke contracts) –Challenge for multi-party situations –E.g. multinational structure –Issue of subcontracting by Importer: (i) need for direct agreement between the Exporter and the Importers processor or (ii) three-party agreement –Multiple governing law(s)

7 Conclusion – Room for improvements –Need for consistency and harmonization of procedural requirements –Extension of use for multi-party transfers –Allowance for onward transfer to data processors –Possibility to include additional clauses –Other sets of clauses required in specific areas –e.g. HR transfers

8 Questions? Tanguy Van Overstraeten Linklaters LLP Rue Brederode Brussels Tel: Fax: