Model clauses no substitute for 'safe harbour' data transfers to the US, says German watchdog Businesses relying on European Commission-approved model contract clauses to transfer personal data from the EU to the US should terminate or suspend those arrangements, a German data protection watchdog has said. [...] The Schleswig-Holstein authority said that when applying the findings of the CJEU's judgment to data transfers made on the basis of model clauses, such transfers are "no longer permitted". It said there needs to be "comprehensive change" to US law to ensure that there is adequate data protection provided for when personal data is transferred from the EU to the US. [...] Munich-based data protection law expert Stephan Appt of Pinsent Masons said Germany's data protection authorities met to discuss the CJEU's ruling last week with a view to reaching a consistent view on the issue of EU-US data transfers ahead of the Working Party meeting. "The fact that the Schleswig DPA has now issued this paper either means that this reflects – at least to some extent – the joint position of all German DPAs or that it is just keen on getting in the headlines first with an extreme position," Appt said. "The position paper also seems to be extreme in the sense that the Schleswig DPA opines that data subjects are actually not in a position to declare valid consent in data transfers to countries where there is a risk of mass surveillance by intelligence agencies, as this would be contrary to the fundamental personality right enjoyed by people in Germany which, the DPA claims, an individual cannot waive, as a matter of legal principle." <http://www.out-law.com/en/articles/2015/october/model-clauses-no-substitute-...> On 14/10/2015 12:05, Guido Noto La Diega wrote:
Further to its initial public statement regarding the ECJ Safe Harbor judgement, the Austrian DPA has released an update, clarifying its position that, for the time being, the Austrian DPA will accept EU Model Clauses or Binding Corporate Rules as basis for transfers of personal data to the USA. Wheras the use of both EU Model Clauses or Binding Corporate Rules requires an approval of the DPA for the specific case of data transfer, there is at least clarity now that EU Model Clauses and Binding Corporate Rules are accepted as legal basis for obtaining approval in Austria. http://www.technologyslegaledge.com/2015/10/13/austria-update-by-the-dpa-reg...
Sent from my iPhone
On 11/ott/2015, at 15:57, Alessandro Mantelero <alessandro.mantelero@polito.it> wrote:
Marco, il mio era un discorso generale sull'art. 25 e sul permanere (a mio parere) della sua rilevanza nel sistema di data protection. Questo in risposta al rilievo di Guido. Non era dunque riferito alla specifica eventualità di una nuova decisione sui flussi EU-US, che comunque è in fase avanzata di discussione.
AM
On Sun, 11 Oct 2015 16:29:21 +0200 Marco Ciurcina <ciurcina@studiolegale.it> wrote:
In data sabato 10 ottobre 2015 18:45:04, Alessandro Mantelero ha scritto:
Se la Commissione adotta una decisione ai sensi del 25(6) solo la ECJ potrà dichiararla invalida, aprendo la strada poi alla valutazione di adeguatezza delle DPAs (garanti). La via dunque, in presenza di decisione, non è così breve. Mi domando se sia probabile che la Commissione adotti una nuova decisione che non sia più che solidissima. Mi domando anche se, secondo gli orientamenti giurisprudenziali della Corte UE, si possa dimostrare che dalla illegittima decisione 2000/520/CE è derivato un danno per i cittadini europei e se ci siano gli estremi perchè questi promuovano un'azione di risarcimento nei confronti della Commissione Europea. m.c. -- Prof. Avv. Alessandro Mantelero Politecnico di Torino
Nexa Center for Internet and Society | Director of Privacy Politecnico di Torino–Tongji University| Coordinator, Double Degree program in Management and IP Law Nanjing University of Information Science and Technology | Part-time Expert, School of Public Administration
http://staff.polito.it/alessandro.mantelero @mantelero
EMAIL POLICY: twice a day (Mon-Fri)
nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa