Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007.

Published byGabriel Hall Modified over 10 years ago

Similar presentations

Presentation on theme: "Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007."— Presentation transcript:

1 Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007

2 1 Options for Transborder Data Flows Consent Contractual necessity + others Standard clauses Bespoke contract US Safe Harbor Approved destination Strategies for Transborder Data Flows Binding Corporate Rules

3 2 Standard Contractual Clauses –Article 26 (4) of Directive 95/46/EC –Member States required to authorize transfers based on EU Commission standard contractual clauses –3 sets of clauses so far: –http://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/ index_en.htmhttp://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/ index_en.htm –Transfers between Data Controllers (Commission Decision 2001/497/EC of June 15, 2001) –Transfers between a Data Controller and a Data Processor (Commission Decision 2002/16/EC of December 27, 2001) –Transfers between Data Controllers - ICC version (Commission Decision C2004/5271 of December 27, 2004)

4 3 Standard Data Controller Clauses –Initial version June 2001 –Data Exporter agrees to: –warrant DP compliance in home country –provide access to the standard clauses to data subjects –respond to DPAs enquiries –Data Importer agrees to: –abide by DP mandatory principles (in Appendix 2) –Third party rights for data subjects –Joint and several liability

5 4 Standard Data Processor Clauses –Similar obligations for Data Exporter –Reduced obligations for Data Importer –process only upon instructions –implement specific security measures –No joint and several liability –Data Importer liable only if Data Exporter disappears factually or ceases to exist legally

6 5 ICC Standard Clauses –New version December 2004 –Some improvements over previous controller clauses –no joint and several liability –more pragmatic principles (e.g. exceptions to subject access rights) –more business friendly language BUT… –still designed for point to point use –only cover controller to controller transfers (though work at an advanced stage on controller to processor clauses to address e.g. sub-contracting issues)

7 6 Practical issues of application –Variety of application throughout the EU –Procedure required: none - filing – approval –Level of details required in the schedules –Language issue (translation requirement) –Additional clauses: allowed or not in practice (bespoke contracts) –Challenge for multi-party situations –E.g. multinational structure –Issue of subcontracting by Importer: (i) need for direct agreement between the Exporter and the Importers processor or (ii) three-party agreement –Multiple governing law(s)

8 7 Conclusion – Room for improvements –Need for consistency and harmonization of procedural requirements –Extension of use for multi-party transfers –Allowance for onward transfer to data processors –Possibility to include additional clauses –Other sets of clauses required in specific areas –e.g. HR transfers

9 8 Questions? Tanguy Van Overstraeten Linklaters LLP Rue Brederode 13 1000 Brussels Tel: +32 2 501 94 05 Fax: +32 2 501 91 14 tvanover@linklaters.com

Download ppt "Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007."

Similar presentations

European Judicial Network The EJN website:

European Judicial Network The EJN website:
Damon Greer Safe Harbor Program October 15, 2007

Damon Greer Safe Harbor Program October 15, 2007
SARQA/DKG Conference 3-4 October 2002 1 SARQA/DKG Conference 3-4 OCTOBER 2002 Annex 13 Update An Industry Perspective Michael J Cooke Director, Global.

SARQA/DKG Conference 3-4 October SARQA/DKG Conference 3-4 OCTOBER 2002 Annex 13 Update An Industry Perspective Michael J Cooke Director, Global.
EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
1 SPORT AND COMPETITION LAW AT EU LEVEL Madrid, 26-27 february 2007 MICHELE COLUCCI

1 SPORT AND COMPETITION LAW AT EU LEVEL Madrid, february 2007 MICHELE COLUCCI
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Regional Policy EUROPEAN COMMISSION 1 EGTC regulation EGTC regulation ESF and EGTC regulations Regulation of the European Parliament and of the Council.

Regional Policy EUROPEAN COMMISSION 1 EGTC regulation EGTC regulation ESF and EGTC regulations Regulation of the European Parliament and of the Council.
European Commission: 1 Environmental Noise Directive 7-8 October 2010 EEA, Copenhagen.

European Commission: 1 Environmental Noise Directive 7-8 October 2010 EEA, Copenhagen.
1 Information meeting Communications Activities in the framework of the MEDA regional Information & Communication Programme targeting Youth in the Mediterranean.

1 Information meeting Communications Activities in the framework of the MEDA regional Information & Communication Programme targeting Youth in the Mediterranean.
1 Unit C3 Finance, legal Affairs and Partner support CALL FOR PROPOSALS APPLICATION PROCEDURE SPECIFIC ADMINISTRATIVE AND FINANCIAL ISSUES Version 07.02.2011.

1 Unit C3 Finance, legal Affairs and Partner support CALL FOR PROPOSALS APPLICATION PROCEDURE SPECIFIC ADMINISTRATIVE AND FINANCIAL ISSUES Version
Chasing after debtors The Review of Brussels I Regulation and transparency of debtors assets Chris Pitt-Lewis December 2011.

Chasing after debtors The Review of Brussels I Regulation and transparency of debtors assets Chris Pitt-Lewis December 2011.
The EU I2010 benchmarking framework and its implementation GENEVE 29 June 2008.

The EU I2010 benchmarking framework and its implementation GENEVE 29 June 2008.
EU Personal Data Transfers: The Perspective of a Friendly U.S. Harborite And AMCHAM EU Member Christopher Foster Assistant General Counsel, Data Privacy.

EU Personal Data Transfers: The Perspective of a Friendly U.S. Harborite And AMCHAM EU Member Christopher Foster Assistant General Counsel, Data Privacy.
1 Agencia Española de Protección de Datos AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL.

1 Agencia Española de Protección de Datos AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL.
CONFERENCE ON CROSS BORDER DATA FLOWS & PRIVACY

CONFERENCE ON CROSS BORDER DATA FLOWS & PRIVACY
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.

European CommissionDirectorate-General Justice, Freedom and Security Data Protection 1 Conference on Cross Border Data Flows & Privacy October 15-16, 2007.
GE’s Binding Corporate Rules: Achievements, Challenges and Solutions

GE’s Binding Corporate Rules: Achievements, Challenges and Solutions
LLM 2010/11 EU Environmental Law I The EU on the International Stage.

LLM 2010/11 EU Environmental Law I The EU on the International Stage.
1 CHILDREN’S RIGHTS UNDER EUROPEAN UNION LAW Dr Geoffrey Shannon Solicitor Special Rapporteur on Child Protection Friday, 13 December 2013.

1 CHILDREN’S RIGHTS UNDER EUROPEAN UNION LAW Dr Geoffrey Shannon Solicitor Special Rapporteur on Child Protection Friday, 13 December 2013.

Similar presentations

Ads by Google