German DPAs announce they wouldn’t authorize data transfers to US based on binding corporate rules or data transfer agreements

After the recent decision by the ECJ which gave back to the EU data protection authorities the right to examine whether data transfers violate EU privacy rules despite compliance with Safe Harbor, which was in fact abolished, the  WP29 offered some practical suggestions to businesses reminding that “Standard Contractual Clauses and Binding Corporate Rules can still be used” for […]

Tags: , ,

WP29 clarifies how multinational processors implement Binding Corporate Rules (BCR)

On May 22, 2015, the Article 29 Working Party (WP29) adopted a revised version of the Explanatory Document on the Processor Binding Corporate Rules (BCR). “Binding Corporate Rules” are binding internal rules intended to regulate the transfers of personal data that are originally processed by the organization as Controller within the same organization. The Document aims […]

Tags: ,

Article 29 Data Protection Working Party, Working Document setting up a framework for the structure of Binding Corporate Rules

From the Introduction: “To try and further assist and guide organisations in developing BCRs the Working Party has developed the attached framework which is a suggestion of what the BCRs might look like when incorporating all of the necessary elements identified in documents WP 74 and WP 108.”   Relevant Law: Directive 95/46/EC, Article 26(2); Documents WP […]

Tags: ,

Article 29 Data Protection Working Party, Working Document on Frequently Asked Questions (FAQs) related to Binding Corporate Rules

From the Working Document: “The working party/Data Protection Authorities have published these FAQs in light of their experience of the applications made for approval of BCRs and enquiries received about the interpretation of documents WP 74  and WP 108. The FAQs are intended to clarify particular requirements for applicants in order to assist them in […]

Tags: ,

Article 29 Data Protection Working Party, Working Document Establishing a Model Checklist Application for Approval of Binding Corporate Rules

From the Working Document: “This checklist is designed to assist a group of companies when it applies for approval of its binding corporate rules and in particular to help demonstrate how the group complies with WP74.”   Relevant Law: Directive 95/46/EC, Article 26(2); Documents WP 74 The full text available at http://ec.europa.eu… Open pdf

Tags: ,

Article 29 Data Protection Working Party, Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers

From the Working Document: “This working document aims at contributing to a more harmonised application and interpretation of Article 26 (2) of the Directive in the Member States and facilitating data flows in cases where adequate protection is provided.”   Referenced Authority: Directive 95/46/EC, Article 26(2)   The full text is available at http://ec.europa.eu… Open pdf

Tags: ,

US discovery rules will likely override your EU privacy obligation: Plan ahead!

The E.D. Michigan held that despite European data protection laws that might restrict disclosure of personal information, a US litigant must comply with federal discovery rules even if that means producing documents stored in the EU.  Under EU Directive 46/1995 and the national implementation legislation,[i] personal information can only be processed according to privacy rules. Disclosure in […]

Recently issued EDPB’s draft decisions on BCR

The EDPB issued two drafts decisions on BCR (binding corporate rules), one submitted by the Norwegian SA and one by the Swedish SA. They are available here europa.eu/!tU46hy

The ECJ invalidates the Privacy Shield – Some thoughts

On July 16, 2020 the European Court of Justice (ECJ) issued an epochal decision (judgment in case C-311/18 Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems): not only was the Privacy Shield wiped out (the Decision on the adequacy of the protection provided by the EU-US Data Protection Shield was invalidated) but the ECJ, […]

1 2 3 4