SCCs

Update of the Application for Approval and Guiding Principles for the Controller Binding Corporate Rules (BCR-C)

On the 20th of June 2023 the European Data Protection Board (EDPB) adopted the recommendations 01/2022 on the application for approval and on the elements and principles to be found in the Controller Binding Corporate Rules (BCRs or more specific BCR-C, Art. 47 GDPR). The decision to update some of the principles and guidelines to […]

Francesca Romana Di Costanzo | 14. September 2023 | Allgemein | BCR, Binding Corporate Rules, Controller, EDPB, English Posts, International Data Transfer, SCCs, Schrems II

New regime for data transfers from China to third countries

February 2023 was a busy month for China’s data protection regulator and supervisory authority – the Cyberspace Administration of China (CAC). This month marks the end of the six-month grace period for the Regulation of Security Assessment for Outbound Data Transfer (hereinafter referred to as the “Regulation”). With the Regulation now fully in force, companies […]

Lu Yu | 3. Mai 2023 | Internationaler Datenschutz | China, Chinese SCCs, Cyberspace Administration of China, data transfer, English Posts, SCCs

Vertrag_gemeinsam_Unterschrift_Joint_Controller_AdobeStock_404416385

„Old“ Standard Contractual Clauses to be Invalid as of the End of December (27.12.2022)

The European Commission decided on new Standard Contractual Clauses (SCCs) in June 2021. After 27 December 2022, only these „new“ SCCs may be used without exception. What does that mean for companies and organizations? If personal data is transferred to processors (or their sub-processors) or to controllers in a country outside the EU or the […]

Markus Strasser | 28. Oktober 2022 | Allgemein, Internationaler Datenschutz | English Posts, European Commission, GDPR, International Data Transfer, SCCs, standard contractual clauses, TIA

Österreichische DSB hält Einsatz von Google Analytics für nicht DSGVO-konform

Als der EuGH im Juli 2020 sein „Schrems II“-Urteil verkündete und darin feststellte, dass eine Übermittlung an US-Provider, die unter FISA 702 und EO 12.333 fallen, regelmäßig dazu führt, dass ein angemessenes Datenschutzniveau nicht gewährleistet werden kann, da das „Privacy Shield“ mit dem Urteil für ungültig erklärte wurde, war das Entsetzen zunächst groß. Gleichzeit bestätigte […]

Peter Hübener | 26. Januar 2022 | Allgemein | Angemessenheitsbeschluss, Art. 49 Absatz 1 lit. a DSGVO, Datenschutzkonferenz, DSGVO-konform, Geeignete Garantien, Google Analytics, Österreichische DSB, SCCs, Schrems II, Standardvertragsklauseln

International transfers: The new EDPB Guidelines 05/2021: Ending the discussion about the new SCCs and recital 7?

The European Data Protection Board adopted new Guidelines (05/2021) on the interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR on 18 November 2021. These Guidelines aim to assist controllers and processors in the EU in identifying whether a processing operation constitutes an international […]

Kristina von Paczinsky und Tenczin | 10. Dezember 2021 | Internationaler Datenschutz | Adventskalender, Criteria for transfer of personal data to a third country, EDPB Guidelines, English Posts, SCCs

Daten_Verschluesseln_Data_Protection_Schloss_AdobeStock_283119182

Encryption measures validated by the Belgian Council of State as an additional measure to the transfer of personal data outside of the EEA

The Flemish Authorities initially considered the specific encryption tools as a valid supplementary measure in addition to the European Standard contractual clauses (SCCs). The measure was applied by a European branch of a US company using AWS cloud. The decision was confirmed by the Belgian Council of State upon a formal complaint of a third […]

Francesca Romana Di Costanzo | 19. Oktober 2021 | Internationaler Datenschutz, Rechtsprechung | additional measures, Belgian Council of State, English Posts, personal data, SCC, SCCs, Schrems II