Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007.

Similar presentations


Presentation on theme: "Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007."— Presentation transcript:

1 Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007

2 1 Options for Transborder Data Flows Consent Contractual necessity + others Standard clauses Bespoke contract US Safe Harbor Approved destination Strategies for Transborder Data Flows Binding Corporate Rules

3 2 Standard Contractual Clauses –Article 26 (4) of Directive 95/46/EC –Member States required to authorize transfers based on EU Commission standard contractual clauses –3 sets of clauses so far: –http://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/ index_en.htmhttp://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/ index_en.htm –Transfers between Data Controllers (Commission Decision 2001/497/EC of June 15, 2001) –Transfers between a Data Controller and a Data Processor (Commission Decision 2002/16/EC of December 27, 2001) –Transfers between Data Controllers - ICC version (Commission Decision C2004/5271 of December 27, 2004)

4 3 Standard Data Controller Clauses –Initial version June 2001 –Data Exporter agrees to: –warrant DP compliance in home country –provide access to the standard clauses to data subjects –respond to DPAs enquiries –Data Importer agrees to: –abide by DP mandatory principles (in Appendix 2) –Third party rights for data subjects –Joint and several liability

5 4 Standard Data Processor Clauses –Similar obligations for Data Exporter –Reduced obligations for Data Importer –process only upon instructions –implement specific security measures –No joint and several liability –Data Importer liable only if Data Exporter disappears factually or ceases to exist legally

6 5 ICC Standard Clauses –New version December 2004 –Some improvements over previous controller clauses –no joint and several liability –more pragmatic principles (e.g. exceptions to subject access rights) –more business friendly language BUT… –still designed for point to point use –only cover controller to controller transfers (though work at an advanced stage on controller to processor clauses to address e.g. sub-contracting issues)

7 6 Practical issues of application –Variety of application throughout the EU –Procedure required: none - filing – approval –Level of details required in the schedules –Language issue (translation requirement) –Additional clauses: allowed or not in practice (bespoke contracts) –Challenge for multi-party situations –E.g. multinational structure –Issue of subcontracting by Importer: (i) need for direct agreement between the Exporter and the Importers processor or (ii) three-party agreement –Multiple governing law(s)

8 7 Conclusion – Room for improvements –Need for consistency and harmonization of procedural requirements –Extension of use for multi-party transfers –Allowance for onward transfer to data processors –Possibility to include additional clauses –Other sets of clauses required in specific areas –e.g. HR transfers

9 8 Questions? Tanguy Van Overstraeten Linklaters LLP Rue Brederode Brussels Tel: Fax:


Download ppt "Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007."

Similar presentations


Ads by Google