On September 28, 2020, the U.S. Department of Commerce (DoC) published a white paper co-authored by the U.S. Department of Justice (DoJ) and the Office of the Director of National Intelligence (white paper)[1] which provides information on the safeguards under U.S. law to limit the collection of data from private companies by U.S. intelligence services. The white paper addresses concerns raised by the EU Court of Justice (ECJ) when it invalidated the EU-U.S. Privacy Shield framework (Privacy Shield) and imposed certain conditions on the use of Standard Contractual Clauses (SCCs).
Continue Reading U.S. Government Publishes White Paper on International Data Transfers Following Schrems 2.0 Judgment
Roberto Yunquera Sehwani
European Commission Calls for a Common Approach to COVID-19 Apps and Anonymized Data Use
Posted in Cybersecurity, Privacy
On April 8, 2020, the European Commission (the Commission) released its recommendation for a pan-EU approach on the use of technology and data to combat the COVID-19 pandemic (the Recommendation).
The Commission calls for the creation of a “toolbox” consisting of practical measures taken at the EU level to address the use of mobile applications to inform individuals or monitor infected persons (COVID-19 mobile apps) and address the use of anonymized population data to analyze the evolution of the pandemic in the EU. While the Recommendation does not specify the measures to be included in the toolbox, it provides a roadmap to promote the harmonization of these measures across all EU member states.
Continue Reading European Commission Calls for a Common Approach to COVID-19 Apps and Anonymized Data Use
On the Final Publication of the Danish Standard Contractual Clauses for Vendor Agreements: A New Standard?
By Jan Dhont & Roberto Yunquera Sehwani on
Posted in European Union, Privacy
On December 10, 2019, the Danish Supervisory Authority (SA) published its final version of Standard Contractual Clauses (SCCs) that data controllers and processors may use to satisfy the General Data Protection Regulation (GDPR) obligation to enter into a data processing agreement.
The Danish SCCs have been reviewed and approved by the European Data Protection Board (EDPB). Accordingly, they constitute an official template containing the contractual provisions that the Danish SA and the EDPB consider important. Because the Danish SCCs have been examined by all EU Supervisory Authorities and approved by the EDPB, they may become the model for data processing agreements across the EU.
Continue Reading On the Final Publication of the Danish Standard Contractual Clauses for Vendor Agreements: A New Standard?