Challenges and Solutions in Cross-Border Data Transfers: A Privacy Perspective

Slide Note
Embed
Share

Pressure on legal teams to expedite contract reviews for expanding sales has been impeded by Data Processing Agreements and Standard Contractual Clauses, especially in dealings with European customers. Examples of challenging demands from customers are highlighted. The evolution of cross-border data transfer regulations, particularly the impact of the Schrems II ruling, is discussed. The need to revisit approaches to Data Processing Agreements is emphasized, focusing on compliance rather than risk-shifting provisions.

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

casimir
casimir Follow

Uploaded on May 14, 2024 | 0 Views

Presentation Transcript

  1. CROSS-BORDER DATA TRANSFERS Privacy Series by The Broad Axe

  2. OUTLINE The Problem HowDidWeGet Here HowDoWeSolveThis Problem

  3. THE PROBLEM There s always been pressure on the legal team to turn contracts quickly so that the company can expand sales and grow. Data Processing Agreements and Standard Contractual Clauses have slowed down the contract review cycle. Especially when negotiating with European customers.

  4. EXAMPLES Customers who demand Transfer Impact Assessments as a part of the standard contractual clauses. Customers who over burden the DPA with liability and indemnity clauses. Customers who hide liability clauses in data breach response clauses. Customers who hide IP licensing clauses in the DPA. Customers who demand copies of your DPAs with sub- processors. Customers that want a list of every one of your sub- processors.

  5. HOW DID WE GET HERE? Safe Harbor Snowden Leak Schrems I Privacy Shield Schrems II EDPB guidance for cross-border transfers

  6. THE PROBLEM REVISITED Schrems II In this case, the Court of Justice for the European Union ( ECJ ) ruled that cross-border data transfers to the US do not meet the GDPR s privacy requirements. The ECJ was particularly redressability, privacy safeguard, and equivalence between US and EU law. Problematically, the ECJ s analysis is based on the state of US law in the early 2010s, before significant changes to US law in 2017 and 2018. concerned about issues of

  7. THE PROBLEM REVISITED The ECJ s ruling in Schrems II increased skepticism of US data processing agreements. European conclusions that data shouldn t transfer to the US. law firms and companies have rushed to That skepticism has fueled the issues raised earlier in the presentation.

  8. HOW DO WE SOLVE THIS PROBLEM Back to basics: The DPA (and the attached SCCs and TIAs) are not a risk shifting document. The DPA should be a compliance exercise where parties check boxes on their compliance obligations. Remove all clauses about liability and indemnity and discuss those issues in the MSA. Paying for data breach response and management should be based on comparative fault. company is always at fault. DPAs are not the place for IP discussions. Not on the assumption one

  9. HOW DO WE SOLVE THIS PROBLEM Back to basics: Customers shouldn t ask for contracts from your sub-processors: they aren t a party to those contracts. Customers also shouldn t ask to be signatories to your contracts with sub-processors because they don t have contractual privity with your sub-processors.

  10. HOW DO WE SOLVE THIS PROBLEM For TIAs: We don t want to turn this conversation into an in-depth dive on international surveillance law, but you will need a Transfer Impact Assessment that explains why US doesn t violate GDPR privacy principles. The Congressional Research Service has done this analysis for you. You can https://crsreports.congress.gov/product/pdf/R/R46724 find that report here:

  11. THANK YOU If youhave anyquestion,you can contact: Lana Xaochay lana.Xaochay@ivanti.com Tsutomu Johnson tomu@thebroadaxe.us

  12. DISCLAIMER The slides contained herein and the content they contain are for informational purposes only and not for the purpose of providing legal advice. You should not rely on the information contained herein without seeking the advice of an attorney. Reviewing or receiving these slides does not create an attorney client relationship between you and The Broad Axe. For any particular legal issue or problem, you should contact an attorney directly to obtain legal advice.

Related


Cross-Border Cooperation Project for Sustainable Peace and Social Cohesion

Cross-Border Cooperation Project for Sustainable Peace and Social Cohesion

stephanie
Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

lillia
Understanding Data Use Agreements (DUAs) in Sponsored Projects Office

Understanding Data Use Agreements (DUAs) in Sponsored Projects Office

helene
Safeguarding Student Privacy in Educational Technology: A Comprehensive Guide

Safeguarding Student Privacy in Educational Technology: A Comprehensive Guide

huey
Expenditure Transfers in Research

Expenditure Transfers in Research

imaan
Introduction to WISEdata Portal and Data Privacy Guidelines

Introduction to WISEdata Portal and Data Privacy Guidelines

amirah
Reimagining Cross-Border Higher Education Post-Pandemic: Insights on Student Mobility in Asia

Reimagining Cross-Border Higher Education Post-Pandemic: Insights on Student Mobility in Asia

justus
EU Commission Initiatives: Inclusion and Digitalization in Cross-Border Proceedings

EU Commission Initiatives: Inclusion and Digitalization in Cross-Border Proceedings

rainer
Caucasus Transmission Network I-III Project Overview

Caucasus Transmission Network I-III Project Overview

dakari
Update on Cross-Border M&A in Corporate/International Taxation

Update on Cross-Border M&A in Corporate/International Taxation

evalyn
Understanding Energy Stores and Transfers

Understanding Energy Stores and Transfers

morwenna
Dynamic Transfer Types and Reporting: Enhancing Financial Operations

Dynamic Transfer Types and Reporting: Enhancing Financial Operations

callista
Potential Role of Big Data in Economic Policy

Potential Role of Big Data in Economic Policy

montague
NCI Data Collections BARPA & BARRA2 Overview

NCI Data Collections BARPA & BARRA2 Overview

karol
Privacy and Democracy: Safeguarding Journalists and Political Opposition

Privacy and Democracy: Safeguarding Journalists and Political Opposition

serge
Privacy Breach Management Guide by Health PEI

Privacy Breach Management Guide by Health PEI

zack
The Digital Personal Data Protection Act 2023

The Digital Personal Data Protection Act 2023

edelweiss
Understanding Cross-Connection Control and Backflow Prevention in Water Systems

Understanding Cross-Connection Control and Backflow Prevention in Water Systems

winnie
Understanding Open Government Data Principles and Benefits

Understanding Open Government Data Principles and Benefits

dani
Exploring Data Analytics: Introduction, Terminology, Challenges, Platforms, Tools, Applications

Exploring Data Analytics: Introduction, Terminology, Challenges, Platforms, Tools, Applications

saint
Leveraging Data Warehouse and Cloud Computing for Informed Decision-Making

Leveraging Data Warehouse and Cloud Computing for Informed Decision-Making

carolyn
Challenges in Cybersecurity Implementation: A Philippine Perspective

Challenges in Cybersecurity Implementation: A Philippine Perspective

shona
Overview of Data Science: Uncovering Insights from Data

Overview of Data Science: Uncovering Insights from Data

anahita
Supporting Youth Experiencing Homelessness Through RHY-HMIS Data

Supporting Youth Experiencing Homelessness Through RHY-HMIS Data

ryne

More Related Content

Building a FAIR-Compliant Platform for AI-Ready Data in Particle Accelerators
Building a FAIR-Compliant Platform for AI-Ready Data in Particle Accelerators
Understanding Data Lifecycle and Mining for Business Intelligence
Understanding Data Lifecycle and Mining for Business Intelligence
Automated Mobile App QoE Diagnosis with Cross-layer Analysis
Automated Mobile App QoE Diagnosis with Cross-layer Analysis
CBAM: a perspective on emissions and global warming
CBAM: a perspective on emissions and global warming
Carbon Border Adjustment Mechanism (CBAM)
Carbon Border Adjustment Mechanism (CBAM)
HIPAA Privacy
HIPAA Privacy
Ensuring Credible Private Set Membership with Efficient Communication
Ensuring Credible Private Set Membership with Efficient Communication
Daniels Law Now: Protecting Covered Persons' Information
Daniels Law Now: Protecting Covered Persons' Information
Challenges and Legal Framework for AI Regulation in the EU
Challenges and Legal Framework for AI Regulation in the EU
Benefits of Coordinating Monetary Transfers for Beneficiaries
Benefits of Coordinating Monetary Transfers for Beneficiaries
Cross-platform C++ Development with CMake and vcpkg
Cross-platform C++ Development with CMake and vcpkg
Climbing to the Top of the Test Pyramid with Playwright
Climbing to the Top of the Test Pyramid with Playwright
Comprehensive Cross-Promotion Proposal Template and Guide
Comprehensive Cross-Promotion Proposal Template and Guide
Enhancing Wheat Data Interoperability for Sustainable Production
Enhancing Wheat Data Interoperability for Sustainable Production
Data Quality Assessments
Data Quality Assessments
Enhancing Health Data Usage for Transient Populations in Malawi
Enhancing Health Data Usage for Transient Populations in Malawi
Understanding Data Governance and Security in Higher Education Institutions
Understanding Data Governance and Security in Higher Education Institutions
Career Education Data Team Organization Guide
Career Education Data Team Organization Guide
Understanding Data Types and Summary Statistics in Exploratory Data Analysis
Understanding Data Types and Summary Statistics in Exploratory Data Analysis
Understanding the Importance of SDMX in Statistical Data Exchange
Understanding the Importance of SDMX in Statistical Data Exchange
Effective Use of Data for Educational Improvement
Effective Use of Data for Educational Improvement
Enhancing Educational Leadership Through Data-Driven Decision-Making
Enhancing Educational Leadership Through Data-Driven Decision-Making
Drone Detection Using mmWave Radar for Effective Surveillance
Drone Detection Using mmWave Radar for Effective Surveillance
LIFE: EE4HORECA Presentation on Work Package 5.2 and 3 October 2023, Brussels
LIFE: EE4HORECA Presentation on Work Package 5.2 and 3 October 2023, Brussels