Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lee A. Bygrave, Norwegian Research Center for Computers and Law

Published byDonald Sparks Modified over 6 years ago

Similar presentations

Presentation on theme: "Lee A. Bygrave, Norwegian Research Center for Computers and Law"— Presentation transcript:

1 Lee A. Bygrave, Norwegian Research Center for Computers and Law
The GDPR’s data export regime: caught between a rock and hard place? EU2017.ee; University of Tartu, 8 Sept. 2017

2 This is not bananas we’re talking about!

3 The second crusade? “Why would Europe not be proud to contribute its requiring standards of respect for fundamental rights to the world in general?” -- CJEU President, Koen Lenaerts, 2015

4 EU as global rule maker The Brussels effect …
Over 100 countries with dp laws Most follow ‘EU’ model Cf. APEC Privacy Framework Position of PRC?

5 GDPR data export regime: tried and tested
Over 40 years of European TBDF restrictions Legitimate rationale: anti-circumvention (not protectionism or proselytization!) GDPR export regime ≈ DPD export regime Reliance on adequacy assessment of third country But some tweaking and added detail …

6 Some examples of tweaking
Explicit provision for BCRs (Art. 47) Rules extend to data transfers to intl. orgs. More fine-grained adequacy assessment E.g. adequacy of sectors, not whole jurisdictions‘ ‘Anti-FISA’ clause (aka ‘Snowden’ clause): ‘Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State’ (Art. 48) [not binding on UK or Ireland]

7 GDPR data export regime: trying and tiring (and tired?)
Cumbersome and exacting focus on practical effect Lopsided in focus relatively few adequacy findings privileged status of USA Safe Harbor Agreement (2000); EU-U.S. Privacy Shield (2016); Umbrella Agreement for data exchange between LEAs in EU and U.S. (2017) Where does PRC feature?

8 Don’t forget the judiciary (and Charter)!

9 Fundamental rights jurisprudence as game changer
Ratcheting up of standards Adequate protection = ‘essentially equivalent’ protection: Case C-362/14, Schrems v. Data Protection Commissioner CFR as primary benchmark Less room for pragmatism Cf. SHA and NZ adequacy decision Would Lindqvist (Case C-101/01) be resolved differently now? EU TBDF regulation “caught between reality and illusion” (Kuner)

10 “Interoperability” as holy grail
OECD Guidelines, para. 21; APEC Cross-Border Privacy Rules

Download ppt "Lee A. Bygrave, Norwegian Research Center for Computers and Law"

Similar presentations

SOURCES OF EU RIGHTS LAW Article 6 TEU indicates three sources for EE Human rights law. 1) EU Charter of Fundamental Rights, Which was proclaimed in Nice.

SOURCES OF EU RIGHTS LAW Article 6 TEU indicates three sources for EE Human rights law. 1) EU Charter of Fundamental Rights, Which was proclaimed in Nice.
Sarah Branam Mehmet MunurDino Tsibouris

Sarah Branam Mehmet MunurDino Tsibouris
Slide 1/15 © copyright Standard training programme in judicial cooperation in criminal matters within the European Union Version: 3.0 Last updated: 31.10.2012.

Slide 1/15 © copyright Standard training programme in judicial cooperation in criminal matters within the European Union Version: 3.0 Last updated:
University of Bremen Collaborative Research Center “Transformations of the State” Project B4 Regulation and Legitimation in the Internet Slide 1 Hybrid.

University of Bremen Collaborative Research Center “Transformations of the State” Project B4 Regulation and Legitimation in the Internet Slide 1 Hybrid.
© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Background Note: Regulation & Enforcement of Public Procurement.

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Background Note: Regulation & Enforcement of Public Procurement.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
From European to international standards on data protection (1/2)

From European to international standards on data protection (1/2)
CROSS BORDER SUCCESSION,

CROSS BORDER SUCCESSION,
Privacy, Data Protection and Lex Informatica -- lecture 4 Dr. Lee A. Bygrave, 17.2.2006.

Privacy, Data Protection and Lex Informatica -- lecture 4 Dr. Lee A. Bygrave,
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.

The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.

European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
June 1, 20161 41 st Asia Pacific Privacy Authorities (APPA) Forum – PHAEDRA Workshop Nr. 3: The EU Data Protection Regulation and regional perspectives.

June 1, st Asia Pacific Privacy Authorities (APPA) Forum – PHAEDRA Workshop Nr. 3: The EU Data Protection Regulation and regional perspectives.
Privacy, Data Protection and Lex Informatica -- lecture 6 Dr. Lee A. Bygrave, 27.2.2006.

Privacy, Data Protection and Lex Informatica -- lecture 6 Dr. Lee A. Bygrave,
Privacy, Data Protection and Lex Informatica -- lecture 7 Dr. Lee A. Bygrave, 3.3.2006.

Privacy, Data Protection and Lex Informatica -- lecture 7 Dr. Lee A. Bygrave,
DR ANDREA MULLIGAN BARRISTER-AT-LAW LLB, LLM(HARV.), PH.D Safe Harbor and Schrems v DPC.

DR ANDREA MULLIGAN BARRISTER-AT-LAW LLB, LLM(HARV.), PH.D Safe Harbor and Schrems v DPC.

Similar presentations

Ads by Google