background preloader

Binding Corporate rules

Facebook Twitter

Why model clauses and BCRs will also be in question if CJEU quashes EU-US data transfers safe harbour. It is anticipated that the Court of Justice of the EU (CJEU) will quash a 'safe harbour' regime that supports EU-to-US data transfers amidst concerns with US surveillance practices and how that impacts on EU citizens' privacy rights.

Why model clauses and BCRs will also be in question if CJEU quashes EU-US data transfers safe harbour

Fears that US law enforcement and intelligence agencies engage in mass surveillance activities prompted an advisor to the CJEU to last month deem the safe harbour regime incompatible with EU data protection laws. However, if the CJEU confirms that finding on Tuesday it is likely that other legal tools, beyond safe harbour, which organisations rely on to transfer personal data from the EU to the US will come in for scrutiny too. That prospect creates uncertainty for businesses that, until now, will have believed the data transfer arrangements they have in place meet the standards required by EU law. Concern over EU-US data transfers The advocate general's opinion The potential impact of the ruling Such scrutiny might be initiated at EU level. Binding corporate rules. What are Binding Corporate Rules designed to achieve?

Binding corporate rules

Binding Corporate Rules (BCRs) are designed to allow multinational companies to transfer personal data from the European Economic Area (EEA) to their affiliates located outside of the EEA in compliance with the 8th data protection principle and Article 25 of Directive 95/46/EC. Applicants must demonstrate that their BCRs put in place adequate safeguards for protecting personal data throughout the organisation in line with the requirements of the Article 29 Working Party papers on Binding Corporate Rules (see below). How do I get authorisation for my BCRs?

The procedure is designed to avoid you having to approach each individual data protection authority separately. You need to choose a data protection authority (DPAs) to be a lead authority. When submitting an application, you should use Working Party paper 133, which is an application form based on WP 108, or you can put together your own application.

Safe Harbor is dead. What does that mean for your customer insights & analytics practices? Yesterday morning, many of us in the United States awoke to some troubling news: the European Court of Justice (ECJ) had ruled that the Safe Harbor agreement is no longer valid.

Safe Harbor is dead. What does that mean for your customer insights & analytics practices?

Security & risk (S&R) and data management folks kicked into high gear. Customer insights and digital marketing teams...? Well, the news slipped past mostly unnoticed. That's a mistake. Let's start with a primer on Safe Harbor. Now, that agreement has been deemed invalid, which means that every company serving European customers needs to reexamine its data practices. Speak up about your third-party data sharing practices. My S&R peers have published a timely report on the ECJ ruling, and what it means for their clients. As always, don't hesitate to reach out to us with questions you may have about this important ruling.

Overview on Binding Corporate rules. What is it?

Overview on Binding Corporate rules

Binding Corporate Rules ("BCR") are internal rules (such as a Code of Conduct) adopted by multinational group of companies which define its global policy with regard to the international transfers of personal data within the same corporate group to entities located in countries which do not provide an adequate level of protection. What is the purpose of BCR? BCR are used by multinational companies in order to adduce adequate safeguards for the protection of the privacy and fundamental rights and freedoms of individuals within the meaning of article 26 (2) of the Directive 95/46/CE for all transfers of personal data protected under a European law. To that extent, BCR ensure that all transfers are made within a group benefit from an adequate level of protection. Once approved under the EU cooperation procedure, BCR provide a sufficient level of protection to companies to get authorisation of transfers by national data protection authorities ("DPA").

BCR make it possible to... EU Binding Corporate Rules For Transferring Data: A Comparison of US Law, EU Law, and Soon-To-Be EU Law.