• Contact
  • Privacy Policy
  • Advertise With Us
  • Login
  • Register
Your Trading Edge Magazine
Advertisement
  • Home
  • Feature
    • Market Commentary
    • Expert Advice
    • Columns
  • Trading
    • Shares and Trading
    • Technical Analysis
    • Trading Mindset
  • Crypto News
  • Finance
  • Subscribe
No Result
View All Result
  • Home
  • Feature
    • Market Commentary
    • Expert Advice
    • Columns
  • Trading
    • Shares and Trading
    • Technical Analysis
    • Trading Mindset
  • Crypto News
  • Finance
  • Subscribe
No Result
View All Result
Your Trading Edge Magazine
No Result
View All Result

New Compliance Obligations for Cross-Border Data Transfers

September 30, 2021
in Trading
Reading Time: 4 mins read
A A
0
New Compliance Obligations for Cross-Border Data Transfers
0
SHARES
7
VIEWS
ShareShareShareShareShare

For several years, cross-border data transfers functioned similar to airport security checks for international travel, with the Privacy Shield operating as a fast check-in lane. After the European Union (EU) Court invalidated the Privacy Shield in July 2020 (Schrems II decision), EU-U.S. data transfers faced greater uncertainties. While other mechanisms existed, Privacy Shield was a common compliance tool. Given the inability to utilize the Privacy Shield concept, the EU introduced an update to an alternative mechanism, new standard contractual clauses (New SCC), which replace the 2010 version and facilitate post-Schrems II cross-border data transfers.

Beginning September 27, 2021, most organizations will need to amend their commercial agreements with the New SCC for transatlantic data transfer. These new processes will add significant compliance obligations for customers and vendors to assess, document, and implement to ensure additional safeguards for protecting EU personal data.

Why the EU Invalidated the Privacy Shield

Before July 2020, more than 5,000 companies transferred EU personal data to the U.S. through the Privacy Shield framework approved by the U.S. and the EU. For 15 months following the Schrems II decision, companies have been struggling with this “Suez Canal moment” that places severe hurdles for transatlantic data transfer. Similar to the Evergreen container ship’s accidental blockage of the Suez Canal in 2021, the impasse in cross-border data transfer jeopardizes EU-U.S. trade at an estimated $1 trillion per year.

The EU-U.S. friction over cross-border data transfer arises because of their differing approaches in privacy and data protection: while the U.S. considers data privacy important, the EU sees it as inalienable and sacred. Edward Snowden’s revelation about U.S. surveillance programs further demonstrated that the U.S. federal government can compel companies such as Facebook to turn over EU residents’ data. In response, the EU court found that U.S. laws undermine the protections of the General Data Protection Regulation (GDPR). The court noted in its opinion that U.S. national security laws do not afford individuals sufficient rights when their personal data is intercepted by U.S. intelligence agencies.

Options for Cross-Border Data Transfers

U.S. organizations must undergo a thorough case-by-case assessment of cross-border data transfers, known as a transfer impact assessment (TIA). Other options are binding corporate rules (BCR); however, these are generally not favored by most organizations.

When to Amend Existing Agreements with the New SCC

For contracts signed before September 27, 2021 under the old SCC, companies have until December 27, 2022 to amend with the New SCC. The New SCC comes in one document with four separate cross-border transfer scenarios or modules:

1. Controller to controller,

2. Controller to processor,

3. Processor to processor, and

4. Processor to controller.

A business must select the applicable module before initiating the transfer based on the executed New SCC. A key step for the TIA outlined below is that the business must also adopt supplementary measures, in addition to the New SCC, to provide GDPR-equivalent data protection to EU residents.

The Six Steps for a Transfer Impact Assessment

The European Data Protection Board (EDPB), the EU body responsible for GDPR implementation, directed businesses exporting EU personal data to the U.S. perform the following six-step assessment:

Step 1: Perform data mapping for cross-border data transfer.

Step 2: Identify appropriate transfer tools, i.e., the New SCC or a few other mechanisms.

Step 3: Assess whether the GDPR will be undermined under any laws and/or practices in the third country (i.e., the U.S.) that are applicable to the specific data being transferred based on relevant, objective, and publicly available information.

Step 4: Identify and adopt appropriate contractual, technical, and organizational measures (supplementary

measures) if the third country’s laws lack GDPR-equivalent protection.

Step 5: Take formal procedural steps to adopt supplementary measures.

Step 6: Re-evaluate at appropriate intervals the protection afforded to the EU personal data transferred.

Whether organizations choose the New SCC or other transfer tools for cross-border transfers, they should involve their data privacy counsel to conduct the six-step TIA mandated by the EDPB.

The good news is an organization does not need to repeat the assessment every time it transfers the same specific categories of personal data to the same country outside the EU. For example, if a company regularly transfers to the U.S. a dataset with EU residents’ names, emails, and job titles, the company must complete and document a TIA specific to transferring this type of dataset to the U.S. in order to comply with the EDPB guidelines. For this specific scenario, the company can rely on the documented TIA without repeating the same process each time it transfers the data, subject to the following conditions:

-The transfer involves the same specific type of data from the EU to the same third party, i.e., the U.S. in this case,

-It continues to implement the necessary supplementary measures, and

-It re-evaluates and monitors the level of data protection afforded to this specific dataset by keeping continuous vigilance of the third country laws and practices.

Conclusion

Similar to the 2021 Suez Canal blockage that disrupted global trade, companies will feel the rippling impacts of the Schrems II decision as they operationalize and implement the New SCC. Most U.S. organizations will now need to rely on the New SCC as the primary tool for cross-border transfers. The New SCC provides a mechanism to facilitate trade, while imposing complex, ongoing contractual obligations for data protection. All organizations should thoroughly review the terms and implement supplementary measures or risk cross-border data transfers on tenuous grounds.

_________________________________________________________________

Vivien F. Peaden, CIPP/US, CIPP/E, CIPM is a technology and privacy attorney at law firm Baker Donelson. She brings her previous in-house counsel experience with one of the world’s largest management consulting firms to deliver business-oriented and practical advice on a wide range of technology transactions, data privacy, and cybersecurity issues that impact her client’s bottom line. She can be reached at vpeaden@bakerdonelson.com.

Credit: Source link

ShareTweetSendPinShare
Previous Post

5 Major Trends Transforming mPOS Terminals Market Outlook Over 2021-2027

Next Post

Tenstreet Market Index: With Turbulence Ahead, Take Advantage of Seasonal Gains

Related Posts

What did Janet Yellen say to confuse investors?
Trading

What did Janet Yellen say to confuse investors?

March 24, 2023
2
‘wow, is that a scam’
Trading

‘wow, is that a scam’

March 24, 2023
3
Inflation outlook: The Fed’s 2% target is looking increasingly unrealistic
Trading

Inflation outlook: The Fed’s 2% target is looking increasingly unrealistic

March 24, 2023
4
Argo Blockchain shares jump 100%+ after Galaxy Digital deal
Trading

Pro: Bitcoin price to hit $37,000

March 24, 2023
4
U.S. data may still be accessible for ByteDance
Trading

U.S. data may still be accessible for ByteDance

March 24, 2023
3
Next Post
Tenstreet Market Index: With Turbulence Ahead, Take Advantage of Seasonal Gains

Tenstreet Market Index: With Turbulence Ahead, Take Advantage of Seasonal Gains

Recommended

Worldcoin Launches ZK-Based Identity Solution

Worldcoin Launches ZK-Based Identity Solution

March 16, 2023
4
DAX index slips as Deutsche Bank, Porsche stocks plunges

DAX index slips as Deutsche Bank, Porsche stocks plunges

March 13, 2023
6
Binance NFT Announces Integration With Polygon Network

Binance NFT Announces Integration With Polygon Network

March 9, 2023
11
Truist’s Lerner is still overweight industrial stocks: here’s why

Truist’s Lerner is still overweight industrial stocks: here’s why

March 21, 2023
3
Industrial Chocolate Market worth US$ 97 Billion by 2033

Industrial Chocolate Market worth US$ 97 Billion by 2033

February 28, 2023
6
Your Trading Edge Magazine

This is an online news portal that aims to share the latest news about trade, finance, crypto and much more. Feel free to get in touch with us!

What’s New Here!

  • What did Janet Yellen say to confuse investors?
  • DCG Subsidiary Luno Names a New CEO in Preparation for a Public Listing
  • ‘wow, is that a scam’

Subscribe Now

Loading
  • Contact
  • Privacy Policy
  • Advertise With Us

© 2021 - ytemagazine.com - All rights reserved!

No Result
View All Result
  • Home
  • Feature
    • Market Commentary
    • Expert Advice
    • Columns
  • Trading
    • Shares and Trading
    • Technical Analysis
    • Trading Mindset
  • Crypto News
  • Finance
  • Subscribe

© 2021 - ytemagazine.com - All rights reserved!

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?