Tag Archives: Model Clauses

CJEU has released Opinion on EU-Canada Passenger Name Record Agreement – What it means for international data transfer mechanisms

In the Opinion 1/15 of 26 July 2017 (“Opinion”), the Court of Justice of the European Union (“CJEU”) held that the proposed agreement between the EU and Canada on the transfer and processing of Passenger Name Record (“PNR”) data may not be concluded in its current form. The Opinion is available here. The CJEU said that … Continue Reading

German Data Protection Authority fines companies for transferring data to the United States

Following the CJEU’s judgment of October 2015 invalidating the European Commission’s Safe Harbor Decision, the Data Protection Authority Hamburg (“DPA Hamburg“) started investigations against 35 internationally operating companies in Hamburg. According to a press release of DPA Hamburg of 6 June 2016, these investigations revealed that the majority of the companies under investigation had used the … Continue Reading

EU Art. 29 Working Party Announces Cooperation Procedure for EU Model Clauses

The Article 29 Data Protection Working Party (Working Party) released a Working Document setting forth a co-operation procedure for issuing common opinions on “Contractual clauses” considered as compliant with the EC Model Clauses (Working Document). The aim of this Working Document is to facilitate the use of the EU model clauses across multiple jurisdictions in … Continue Reading

Article 29 Working Party proposes clauses for data transfers from EU processors to non-EU subprocessors

This post was also written by Matthew N. Peters. As is well-known, personal data is restricted from leaving the EEA. On 21 March, the EU’s Article 29 Working Party (the WP) issued draft ad hoc model clauses for data transfers from EU processors to non-EU subprocessors.  While not yet approved by the EC Commission, this … Continue Reading

Spanish Data Protection Authority’s New Outsourcing Model Clauses for Service Providers Subcontracting Outside the EEA

In December 2012, the Spanish Data Protection Authority (SPDA) published a new set of Model Clauses prepared purely for use by service providers that subcontract to companies located in countries outside the EEA. These new Model Clauses (based on the 2010 controller-to-processor clauses) will allow for an international transfer of personal data between a data … Continue Reading
LexBlog