Why model clauses and BCRs will also be in question if CJEU quashes EU-US data transfers safe harbour. It is anticipated that the Court of Justice of the EU (CJEU) will quash a 'safe harbour' regime that supports EU-to-US data transfers amidst concerns with US surveillance practices and how that impacts on EU citizens' privacy rights.
Fears that US law enforcement and intelligence agencies engage in mass surveillance activities prompted an advisor to the CJEU to last month deem the safe harbour regime incompatible with EU data protection laws. However, if the CJEU confirms that finding on Tuesday it is likely that other legal tools, beyond safe harbour, which organisations rely on to transfer personal data from the EU to the US will come in for scrutiny too. That prospect creates uncertainty for businesses that, until now, will have believed the data transfer arrangements they have in place meet the standards required by EU law. Binding corporate rules. What are Binding Corporate Rules designed to achieve?
Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with the 8th data protection principle and Article 25 of Directive 95/46/EC. Applicants must demonstrate that their BCRs put in place adequate safeguards for protecting personal data throughout the organisation in line with the requirements of the Article 29 Working Party papers on Binding Corporate Rules (see below). How do I get authorisation for my BCRs? Safe Harbor is dead. What does that mean for your customer insights & analytics practices? Yesterday morning, many of us in the United States awoke to some troubling news: the European Court of Justice (ECJ) had ruled that the Safe Harbor agreement is no longer valid.
Security & risk (S&R) and data management folks kicked into high gear. Customer insights and digital marketing teams...? Well, the news slipped past mostly unnoticed. Overview on Binding Corporate rules. What is it?
Binding Corporate Rules ("BCR") are internal rules (such as a Code of Conduct) adopted by multinational group of companies which define its global policy with regard to the international transfers of personal data within the same corporate group to entities located in countries which do not provide an adequate level of protection. What is the purpose of BCR? BCR are used by multinational companies in order to adduce adequate safeguards for the protection of the privacy and fundamental rights and freedoms of individuals within the meaning of article 26 (2) of the Directive 95/46/CE for all transfers of personal data protected under a European law. To that extent, BCR ensure that all transfers are made within a group benefit from an adequate level of protection. EU Binding Corporate Rules For Transferring Data: A Comparison of US Law, EU Law, and Soon-To-Be EU Law.