Tag Archives: Standard Contractual Clauses

European Commission issues New Standard Clauses for data transfers outside the EEA: Act within 18 months

Today the European Commission issued the new and long-awaited Standard Contractual Clauses, available here (SCCs). These new SCCs contain updates for the GDPR, and replace the three sets of SCCs that were adopted under the previous Data Protection Directive. The SCCs released today include the following modules: Controller to controller transfers, Controller to processor transfers, … Continue Reading

The EDPB and EDPS adopt joint opinions on the new draft SCCs

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) announced their joint opinions on the draft standard contractual clauses (SCCs) previously published by the European Commission in November 2020. The opinions cover the SCCs between controllers and processors and the SCCs for the transfer of personal data to third countries.  We … Continue Reading

European Commission releases draft updated standard contractual clauses

On 12 November 2020, the European Commission released draft updated standard contractual clauses (SCCs) for consultation (available here). The current SCCs were adopted by the Commission before the GDPR came into force.  The CJEU’s decision in the Schrems II case has given greater urgency to updating the current SCCs. Once approved, the new SCCs will … Continue Reading

European Commission publishes draft Article 28 clauses for consultation

On 12 November 2020, the European Commission released its first draft set of clauses covering the Article 28 GDPR requirements, for consultation (available here). Article 28 of the GDPR governs the relationship between controllers and processors. In particular, Articles 28(3) and (4) outline the details that must be included in a data processing agreement between … Continue Reading

Get your Update on IT & Data Protection Law in our Newsletter (Summer 2019 Edition)

The Summer 2019 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released: English version German version In this edition we cover the following topics: ECJ and GDPR: Another decision hitting social media activities by companies EDPB does not opt for changes to EU standard contractual clauses EU … Continue Reading

German Data Protection Authority fines companies for transferring data to the United States

Following the CJEU’s judgment of October 2015 invalidating the European Commission’s Safe Harbor Decision, the Data Protection Authority Hamburg (“DPA Hamburg“) started investigations against 35 internationally operating companies in Hamburg. According to a press release of DPA Hamburg of 6 June 2016, these investigations revealed that the majority of the companies under investigation had used … Continue Reading

EU Data Protection Regulators All Set to Scrutinise ‘EU-U.S. Privacy Shield’ and Transfer Mechanisms to the U.S. Generally

On 3 February, the Article 29 Working Party (‘WP29’), a group comprising representatives of the EU Member States’ Data Protection Authorities (‘DPAs’), issued a statement cautiously welcoming the agreement on an “EU-U.S. Privacy Shield”. If it is formally adopted, the Privacy Shield will replace the Safe Harbor agreement that was declared invalid by the EU’s … Continue Reading

Spain issues deadline for implementing alternative Safe-Harbor mechanisms

Spain’s Data Protection Authority, the Agencia Española de Proteccion de Datós (‘AEPD’), has issued a deadline of 29 January 2016, for the implementation of alternative mechanisms to Safe Harbor. By letter dated 3 November 2015, the AEPD imposed the deadline on all companies operating in Spain that had previously notified it of personal data transfers … Continue Reading
LexBlog