1 / 9

Transborder Data Flows & Privacy

Transborder Data Flows & Privacy. Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007. Strategies for Transborder Data Flows. Contractual necessity + others. Consent. Options for Transborder Data Flows. Approved destination. Standard clauses.

pearl-jensen
Download Presentation

Transborder Data Flows & Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007

  2. Strategies for Transborder Data Flows Contractualnecessity + others Consent Options for Transborder Data Flows Approveddestination Standard clauses Binding Corporate Rules Bespoke contract US Safe Harbor

  3. Standard Contractual Clauses • Article 26 (4) of Directive 95/46/EC • Member States required to authorize transfers based on EU Commission standard contractual clauses • 3 sets of clauses so far: • http://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/index_en.htm • Transfers between Data Controllers (Commission Decision 2001/497/EC of June 15, 2001) • Transfers between a Data Controller and a Data Processor(Commission Decision 2002/16/EC of December 27, 2001) • Transfers between Data Controllers - ICC version(Commission Decision C2004/5271 of December 27, 2004)

  4. Standard Data Controller Clauses • Initial version June 2001 • Data Exporter agrees to: • warrant DP compliance in home country • provide access to the standard clauses to data subjects • respond to DPA’s enquiries • Data Importer agrees to: • abide by DP mandatory principles (in Appendix 2) • Third party rights for data subjects • Joint and several liability

  5. Standard Data Processor Clauses • Similar obligations for Data Exporter • Reduced obligations for Data Importer • process only upon instructions • implement specific security measures • No joint and several liability • Data Importer liable only if Data Exporter disappears factually or ceases to exist legally

  6. ICC Standard Clauses • New version December 2004 • Some improvements over previous controller clauses • no joint and several liability • more pragmatic principles(e.g. exceptions to subject access rights) • more business friendly language • BUT… • still designed for point to point use • only cover controller to controller transfers (though work at an advanced stage on controller to processor clauses to address e.g. sub-contracting issues)

  7. Practical issues of application • Variety of application throughout the EU • Procedure required: none - filing – approval • Level of details required in the schedules • Language issue (translation requirement) • Additional clauses: allowed or not in practice (“bespoke contracts”) • Challenge for multi-party situations • E.g. multinational structure • Issue of subcontracting by Importer: (i) need for direct agreement between the Exporter and the Importer’s processor or (ii) three-party agreement • Multiple governing law(s)

  8. Conclusion – Room for improvements • Need for consistency and harmonization of procedural requirements • Extension of use for multi-party transfers • Allowance for onward transfer to data processors • Possibility to include additional clauses • Other sets of clauses required in specific areas • e.g. HR transfers

  9. Questions? • Tanguy Van Overstraeten • Linklaters LLP • Rue Brederode 13 • 1000 Brussels • Tel: +32 2 501 94 05 • Fax: +32 2 501 91 14 • tvanover@linklaters.com

More Related