Search

After the recent decision by the ECJ which gave back to the EU data protection authorities the right to examine whether data transfers violate EU privacy rules despite compliance with Safe Harbor, which was in fact abolished, the  WP29 offered some practical suggestions to businesses reminding that “Standard Contractual Clauses and Binding Corporate Rules can still be used” for […]

On May 22, 2015, the Article 29 Working Party (WP29) adopted a revised version of the Explanatory Document on the Processor Binding Corporate Rules (BCR). “Binding Corporate Rules” are binding internal rules intended to regulate the transfers of personal data that are originally processed by the organization as Controller within the same organization. The Document aims […]

From the Introduction: “To try and further assist and guide organisations in developing BCRs the Working Party has developed the attached framework which is a suggestion of what the BCRs might look like when incorporating all of the necessary elements identified in documents WP 74 and WP 108.”   Relevant Law: Directive 95/46/EC, Article 26(2); Documents WP […]

From the Working Document: “The working party/Data Protection Authorities have published these FAQs in light of their experience of the applications made for approval of BCRs and enquiries received about the interpretation of documents WP 74  and WP 108. The FAQs are intended to clarify particular requirements for applicants in order to assist them in […]

From the Working Document: “This checklist is designed to assist a group of companies when it applies for approval of its binding corporate rules and in particular to help demonstrate how the group complies with WP74.”   Relevant Law: Directive 95/46/EC, Article 26(2); Documents WP 74 The full text available at http://ec.europa.eu… Open pdf

From the Working Document: “This working document aims at contributing to a more harmonised application and interpretation of Article 26 (2) of the Directive in the Member States and facilitating data flows in cases where adequate protection is provided.”   Referenced Authority: Directive 95/46/EC, Article 26(2)   The full text is available at http://ec.europa.eu… Open pdf

The E.D. Michigan held that despite European data protection laws that might restrict disclosure of personal information, a US litigant must comply with federal discovery rules even if that means producing documents stored in the EU.  Under EU Directive 46/1995 and the national implementation legislation,[i] personal information can only be processed according to privacy rules. Disclosure in […]

The EDPB issued two drafts decisions on BCR (binding corporate rules), one submitted by the Norwegian SA and one by the Swedish SA. They are available here europa.eu/!tU46hy

On July 16, 2020 the European Court of Justice (ECJ) issued an epochal decision (judgment in case C-311/18 Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems): not only was the Privacy Shield wiped out (the Decision on the adequacy of the protection provided by the EU-US Data Protection Shield was invalidated) but the ECJ, […]

On November 12 and 13, 2019, the European Data Protection Board (EDPB) met in its fifteenth plenary session. The EDPB discussed important topics. Adoption of EU-US Privacy Shield Third Annual Review Report. After the Third Annual Joint Review of the Shield, the EDPB adopted its report. The EDPB appreciates the improvements by the US Authorities[i] […]