Latest Posts
Search for:
Tag

SCCs

Browsing
In Data Privacy

European Commission adopts “adequacy” decision for the EU-U.S. Data Privacy Framework (“DPF”)

by , , , , , , , , , , , , , , , , , , , , , , , and 4 Mins Read

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…

In Data Privacy

China Standard Contractual Clauses: June 1 Adoption Deadline is Approaching

by , , , , , , , and 2 Mins Read

In brief Companies that export personal data out of China have roughly one month to adopt China’s Standard Contractual Clauses (“SCCs”) to comply with the Cyberspace Administration of China’s (“CAC”) deadline of June 1, 2023. As outlined in previous client alerts, the SCCs are one of three mechanisms in place for cross-border data transfers from mainland China to other jurisdictions. Many multinationals will be impacted by these requirements because Chinese employment data, which is…

In Data Privacy

China Issues Standard Contractual Clauses, effective June 1

by , , , , , , and 5 Mins Read

In Brief On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Standard Contractual Clauses (SCCs) and SCC Measures for the cross-border transfer of personal data under the Personal Information Protection Law (PIPL). The SCCs provide a mechanism for businesses to transfer personal information from mainland China to other jurisdictions. China’s SCCs closely mirror the EU’s SCCs, which were updated in 2021, but feature several important distinctions described in…

In Data Privacy

New UK Addendum for International Data Transfers Set to Come Into Force in March

by , and 2 Mins Read

The United Kingdom has finalized, and laid before Parliament, its International Data Transfer Agreement (“IDTA”). The new IDTA will come into force on 21 March 2022, together with a supplemental document to the new EU Standard Contractual Clauses (“UK Addendum”) and transitional provisions, to address requirements under the UK GDPR and UK Data Protection Act. Both the IDTA, UK Addendum, and transitional provisions will replace use of the previous EU Standard Contractual Clauses (approved by…

In Data Privacy

Standardizing Data Processing Agreements Globally

by , , , and 15 Mins Read

*Article originally posted on IAPP.org* Privacy professionals around the world are feverishly working on configuring and implementing the European Union’s new Standard Contractual Clauses (“SCCs”). On September 27, 2021, companies in the European Economic Area (EEA) must not enter into new cross-border data transfer arrangements with companies in the United States and most other countries, unless the recipient outside the EEA agrees to the new SCCs (Elisabeth Dehareng, Francesca Gaudino and Brian Hengesbaugh, The road ahead…

In Data Privacy

The Road Ahead in an Uncertain World of Cross-Border Data Transfers

by , and 6 Mins Read

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…

In Data Privacy

Consideration for EU Service Providers Supporting EU and Non-EU Customers

by , , , , , , , , , , , , , , , , , , , , , , , and 14 Mins Read

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

In Data Privacy

Top-10 Do’s and Don’ts for Service Providers Implementing the New SCCs with EU Customers

by , and 7 Mins Read

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the Official Journal. The new SCCs are a mechanism companies can use to address the restriction under Article 44 in the EU General Data Protection Regulation on the cross-border transfer of personal data to third countries. Given the timing requirements in the commission’s decision, the U.S. and other service providers located in…

In EU GDPR

Intra-EU/EEA Standard Contractual Clauses: What you need to know

by , , , , , , , , , , , , , , , , , , , , , , , and 7 Mins Read

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

In Data Privacy

BCRs as a robust alternative to Privacy Shield and SCCs

by and 2 Mins Read

BCRs as a robust alternative to Privacy Shield and SCCs Binding corporate rules are considered the “gold standard” for international data transfers, primarily as they constitute the only data transfer mechanism that carries individual regulatory approval. As all concerned supervisory authorities have participated in the review and approval process, it seems unlikely that a supervisory authority would initiate an enforcement action against a data transfer that takes place on this basis. BCRs are also not…

Load More