The Risk Manager. Additional Resources. The Latest News on Managing Your Risk. May 2016 INCREASED LIABILITY IN THE FACE OF UNCERTAIN DATA REGULATIONS
|
|
- James Garrison
- 5 years ago
- Views:
Transcription
1 The Risk Manager The Latest News on Managing Your Risk May 2016 INCREASED LIABILITY IN THE FACE OF UNCERTAIN DATA REGULATIONS By Beata Aldridge The new Privacy Shield and other proposed changes to European privacy regulations expand compliance obligations and increase the likelihood of facing enforcement actions. In 2000, after the adoption of European Directive 95/46/EC, the European Commission and the US Department of Commerce agreed to the original Safe Harbor Framework which allowed companies to transfer data from the European Union to the United States while remaining in compliance with EU privacy laws. In its October 2015 judgement in Maximillian Schrems v. Data Protection Commissioner, the European Court of Justice ( ECJ ) invalidated the Safe Harbor Framework, however, based on concerns over widespread surveillance by the US government and the lack of adequate redress for European citizens in case of privacy violations in the United States. 1 1 Schrems v. Data Protection Commissioner, European Court of Justice, Case C-362/14, Oct. 6, 2015, &mode=req&pageIndex=1&dir=&occ=first&part=1 &text=&doclang=en&cid= Additional Resources For more information on how Beecher Carlson can help with your insurance needs please contact: Christopher Keegan ckeegan@beechercarlson.com ABOUT BEECHER CARLSON S EXECUTIVE LIABILITY PRACTICE Beecher Carlson s Executive Liability Practice is comprised of experienced and knowledgeable attorneys, brokers, and claims advisors dedicated to identifying your risks and best positioning you in the marketplace. Our forward thinking practice was the first to provide revolutionizing analysis of our clients Directors & Officers and Cyber risks.
2 The United States and the European Union have been in the process of negotiating a new framework for some time. In February 2016, the EU Commission unveiled a detailed draft of the proposed Privacy Shield which would again allow the legal transfer of personal data from the European Union to the United States. 2 The European Commission has described the Privacy Shield as impos[ing] stronger obligations on U.S. companies and requiring the United States to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities. 3 The new framework, broadly described, includes the following requirements: Greater transparency from US companies Increased oversight from the FTC, US Department of Commerce, European Data Protection Authorities ( DPAs ), and other US government agencies Increased threat of sanctions or exclusion of non-compliant companies More restrictive conditions for onward transfers of data What Do These Changes Mean in Practice? The new Privacy Shield is actually substantially similar to the Safe Harbor in a number of ways. 4 Companies still self-certify. Companies must cooperate with the European National Data Protection Authorities. It shares the same methods and standards for verification of compliance (e.g. selfassessment or outside review). It shares certain exceptions for journalistic contexts, secondary liability for ISPs, and data handled in the course of due diligence and audits. There are, however, several important differences that may translate to increased compliance obligations and heightened legal exposure. 2 European Commission, Implementing Decision, para12-13, p.3, [hereinafter Privacy Shield ] February 29, The Commission finds that the Privacy Shield would ensure an adequate level of protection for personal data and that it would meet the standards laid out by the ECJ in Schrems, Id European Commission, EU-U.S. Privacy Shield Fact Sheet, February 2016, 4 Compare Commission Decision No. 2000/520/EC (Safe Harbor Framework), 2000 O.J. L 217/7, Annex II FAQ 7, with Privacy Shield, Supplemental Principle on Verification, Annex II, p (Nearly identical texts). 2
3 1. Increased notice and access requirements In addition to information about the types of data collected and the purpose of its collection, organizations must also publish detailed information about their adherence to the Privacy Shield Principles, independent and governmental recourse mechanisms available to individuals, and the personal information required to be shared with local authorities in response to lawful requests. Previously when discussing the obligation to provide an individual with access to his or her own data, the Safe Harbor emphasized balancing the cost to the company with the risk of a privacy violation. Now the Privacy Shield instead emphasizes an individual s right to access, verify, and correct his or her data allowing fewer situations under which a company may restrict an individual s access. 2. Increased restrictions on the onward transfer of data Contracts (or binding corporate agreements) are now obligatory for all onward transfers of data whether the data is being transferred purely for processing to an agent or to another controller. The contracts must provide the same level of protection as the Privacy Principles and ensure that the data will be used only for limited and specified purposes consistent with the individual s consent. Where before such contracts would effectively insulate Safe Harborcompliant companies from liability in the event that data was mishandled by a third party, now companies remain liable for the actions of third party recipients of the data and must affirmatively prove that they are not responsible for the violation. 3. Increased number of redress mechanisms for European citizens Companies must respond directly to complaints received directly from European citizens within forty-five days. They must also provide an independent dispute resolution mechanism free of charge. 5 Consumers may also refer complaints to their national DPA or other privacy protection organizations which may then work directly with the company to resolve the complaint or further refer the complaint to the Department of Commerce. With the passage of the Judicial Redress Act in February 2016, 6 European citizens now also have the same rights as American citizens to judicial redress in the case of privacy breaches Increased role of the FTC and Department of Commerce in administering and enforcing the Privacy Shield The Department of Commerce, the FTC, and the Department of Transportation have all committed to greater efforts in monitoring and enforcing compliance with the Privacy Shield. Before any companies are placed on the Privacy Shield list, the Department of Commerce will verify that their self-certification submissions are complete. The Department will also engage in stronger monitoring of compliance with existing Safe Harbor orders. 5 Previously, this recourse mechanism was only required to be affordable. Safe Harbor FAQ 11, p It is also an important piece of the negotiations for the Umbrella Agreement between the EU and the US, which will govern the transfer and sharing of personal data for law enforcement. 3
4 The Privacy Shield has also more explicitly expanded the scope of enforcement to other government agencies within the United States. Where the Safe Harbor focused mainly on the enforcement of the framework under Article 5 of the Federal Trade Commission Act or similar statute, the Privacy Shield focuses on enforcement by the FTC, Department of Transportation, or other appropriate enforcement agency. This language may potentially extend the power to state authorities as well as other federal agencies to bring claims of deceptive business practices for violations of the Privacy Shield. Possible Changes to Liability Under the new framework, companies may face a greater possibility for legal exposure due to US regulators commitment to be more proactive about enforcement of the Privacy Shield, the increased role of EU regulators in monitoring and resolving complaints, and the increased ability of European citizens to inform authorities and pursue private actions. Organizations will need to review the language in their technology E&O policies to determine if non-compliance with the Safe Harbor or the Privacy Shield requires notification of insurers. They should also review policies to ensure that regulatory investigations by both US and EU authorities are covered and make sure that the definition of a claim includes alternative dispute resolution proceedings. What Should Companies Do in the Meantime? approval. Until a new framework is finalized, companies may rely on other data transfer mechanisms to ensure the protection of personal data like model contract clauses 8 and binding corporate rules. National DPAs have indicated that alternative data transfer mechanisms will not be contested for the time being and any complaints will be considered on a case-by-case basis. If the situation remains unresolved for long, however, organizations may face the challenge of complying with varying national standards and possible enforcement actions from multiple authorities. 9 Companies should also keep in mind that they are still obligated to protect any data previously transferred under the Safe Harbor that is still stored by the company in the United States. They also need to review onward transfer agreements and make sure that contracts with third-party vendors also ensure an adequate level of protection for personal data. 8 The DPAs have stated that they will not contest existing alternative data transfer mechanisms for the time being, however, Schrems has filed legal challenges to Facebook s use of model clauses. 9 In the Schrems ruling, the ECJ made it clear that national DPAs were not required to accept the adequacy determinations of the EU Commission and that they still had the right to suspend data transfers to countries deemed to violate their data privacy standards. The Privacy Shield has still not received final 4
5 Continuing Changes to the Regulatory Landscape The Article 29 Working Party has criticized the Privacy Shield 10 and wants to insert a revision clause that would allow the Privacy Shield to be updated as European data privacy regulations evolve meaning that compliance obligations for US enterprises could also be continually evolving. Even if the Privacy Shield is eventually adopted, it is likely that it will face immediate legal challenges. 11 Legality Rather Doubtful, Says German DPA, THE PRIVACY ADVISOR, Mar. 21, 2016, (quoting Johannes Caspar). 12 Moreover, the EU Commission has also recently adopted a new General Data Privacy Regulation (GDPR) that will supersede Directive 95/46/EC taking effect in The GDPR contains new, additional requirements that may invalidate all current data transfer mechanisms; even if the Privacy Shield passes in its current form, companies may again need to modify their data transfer mechanisms within the span of a few years. Remaining compliant with the Safe Harbor and Privacy Shield will make it easier for organizations to adapt to any new changes. 10 The criticisms relate more to mass U.S. government surveillance than to the handling of consumer data by commercial enterprises. 11 These challenges may come both from activist DPAs as well as from consumer groups. The German DPA has said that he finds it doubtful that the Privacy Shield will meet thigh level of requirements the ECJ postulated in the Schrems ruling. David Meyer, Privacy Shield This article is intended for informational purposes only. It is not a guarantee of coverage and should not be used as a substitute for an individualized assessment of one s need for insurance or alternative risk services. Nor should it be relied upon as legal advice, which should only be rendered by a competent attorney familiar with the facts and circumstances of a particular matter. Copyright Beecher Carlson Insurance Services, LLC. All Rights Reserved. 5
Globalaw-MCI Webinar Tuesday, 12 July at 4 pm CEST. Featured Speakers. Karin McGinnis Susanne Klein LL.M. Dr. Benno Barnitzke LL.M.
Globalaw-MCI Webinar Tuesday, 12 July at 4 pm CEST Featured Speakers Karin McGinnis Susanne Klein LL.M. Dr. Benno Barnitzke LL.M. David Marchese Attorney, Member, Moore & Van Allen, PLLC, USA Rechtsanwältin
More informationPrivacy Shield. A New and Improved Safe Harbor. briefing
Privacy Shield A New briefing The European Commission adopted its much anticipated decision on the EU- US Privacy Shield ( Privacy Shield ) on 12 July 2016. The Privacy Shield was developed jointly by
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, COMMISSION DECISION of pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe
More informationThe European Court of Justice Invalidated EU/US Safe Harbor: What Does the Future Hold?
Association of Corporate Counsel NJ and Lowenstein Sandler LLP The European Court of Justice Invalidated EU/US Safe Harbor: What Does the Future Hold? Presented by: November 20, 2015 Mary J. Hildebrand,
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION STAFF WORKING PAPER
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 13.02.2002 SEC(2002) 196 COMMISSION STAFF WORKING PAPER The application of Commission Decision 520/2000/EC of 26 July 2000 pursuant to Directive 95/46 of
More informationPractising Law Institute: Privacy Shield Boot Camp
Practising Law Institute: Privacy Shield Boot Camp Substantive Differences Between Safe Harbor and Privacy Shield Panel 2 September 12, 2016 Baker & McKenzie LLP is a member firm of Baker & McKenzie International,
More informationDRAFT MOTION FOR A RESOLUTION
European Parliament 2014-2019 Committee on Civil Liberties, Justice and Home Affairs 2018/2645(RSP) 10.4.2018 DRAFT MOTION FOR A RESOLUTION to wind up the debate on the statement by the Commission pursuant
More informationDATA PROCESSING ADDENDUM
This Data Processing Addendum (the DPA ) forms part of Telia Bedriftsavtale or other written or electronic agreement between the Parties for the purchase of telecommunication services, and regulates any
More informationPrivacy Source EU-U.S. Privacy Shield Passes First Annual Review
Privacy Source EU-U.S. Privacy Shield Passes First Annual Review Privacy Shield, the EU-U.S. data transfer agreement used by over 2,400 companies, recently passed its first annual review. This means the
More informationXimedica, LLC Privacy Shield Policy
Ximedica, LLC Privacy Shield Policy This Privacy Shield Policy (the " Policy ") sets forth the privacy principles that Ximedica ( the Company ) follows with respect to transfers of personal information
More informationCustomer means any EEA entity that registers for or purchases products or services from SDL or SDL EEA Entities.
SDL Inc. : EU-US Privacy Shield Notice Policy version: 1.01 Effective Date: 26 September 2016 The SDL Group of companies is an international commercial organization which due to the nature of modern business
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION STAFF WORKING DOCUMENT
EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 20.10.2004 SEC (2004) 1323 COMMISSION STAFF WORKING DOCUMENT The implementation of Commission Decision 520/2000/EC on the adequate protection of
More informationInternational data transfers and Schrems White & Case. Aqeel Kadri and Tim Hickman
International data transfers and Schrems White & Case Aqeel Kadri and Tim Hickman 9 March 2016 Overview of EU data protection law Currently, each EU Member State has its own national data protection law,
More informationCLOUDINARY DATA PROCESSING ADDENDUM
CLOUDINARY DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the agreement for the subscription by the Customer to the Cloudinary Service ("Subscription Agreement") between Cloudinary
More informationInteum EU or Switzerland Safe Harbor Policy
Inteum EU or Switzerland Safe Harbor Policy EU or Switzerland Safe Harbor Policy Inteum (hereinafter the "Company") respects individual privacy and values the confidence of their customers, employees,
More informationWhat U.S.- Based Investment Advisers Should Know
BulletPoint June 2018 What U.S.- Based Investment Advisers Should Know The European Union s ( EU ) General Data Protection Regulation (the GDPR ) became effective on May 25, 2018, and provides individuals
More informationMichael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty Overview of the EU General Data Protection Regulation (GDPR) WHAT YOU NEED TO KNOW ABOUT THE EU GENERAL DATA PROTECTION REGULATION (GDPR) What is the GDPR?
More informationThe Allied Group Privacy Shield Policy
The Allied Group Privacy Shield Policy The Allied Group, Inc. ("Allied") has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection.
More informationROSETTA STONE LTD. PROCESSING ADDENDUM
ROSETTA STONE LTD. PROCESSING ADDENDUM This Data Processing Addendum (this DPA ) forms part of the order document(s) (each a Service Order ) and Services Agreement (collectively, the Agreement ), entered
More informationJOINT MOTION FOR A RESOLUTION
European Parliament 2014-2019 Plenary sitting B8-0623/2016 } B8-0633/2016 } B8-0639/2016 } B8-0643/2016 } B8-0644/2016 } RC1 24.5.2016 JOINT MOTION FOR A RESOLUTION pursuant to Rule 123(2) and (4) of the
More informationEU U.S. Privacy Shield First annual Joint Review
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 255 EU U.S. Privacy Shield First annual Joint Review Adopted on 28 November 2017 This Working Party was set up under Article 29 of Directive 95/46/EC.
More informationStandard contractual clauses for the transfer of personal data to third countries - Frequently asked questions
MEMO/05/3 Brussels, 7 January 2005 Standard contractual clauses for the transfer of personal data to third countries - Frequently asked questions Directive 95/46/EC, on the protection of individuals with
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum ( DPA ) forms part of the Agreement(s) and is entered by and between the Customer and the Service Provider on the Effective Date. For the avoidance
More informationPrivacy Shield Notice
PRIVACY SHIELD NOTICE Fidelity National Information Services, Inc. ( FIS ) created this ( Notice ) to help you learn about how we handle Personal Data transferred to FIS in the United States from the European
More informationOverview of the EU - U.S. Privacy Shield Framework
Overview of the EU - U.S. Privacy Shield Framework CLIENT GUIDE May 2018 By Terry Ahearn & Stuart Bartow Cyber Security & Data Protection 4300 Bohannon Drive Suite 230 Menlo Park, CA 94025 650.391.1395
More informationData protection legislation back to the drawing board?
Brexit Law your business, the EU and the way ahead Data protection legislation back to the drawing board? Overview April 2017 Protecting the privacy of individuals has become increasingly important as
More informationInternational Privacy Day Global Privacy , the Year of Reform
International Privacy Day Global Privacy - 2016, the Year of Reform Global Privacy 2016, the year of further reform by Candice Holland Director, Deloitte Legal Happy New Year! With the 28th of January
More informationRecent privacy legislation in the European Union has posed specific
Recent Developments in EU Employee Data Privacy Law SEBASTIEN DUCAMP, CHERYL TAMA OBLANDER, AND HEATHER BENNO The authors explain how U.S. businesses with operations in Europe can reduce the risk of liability
More informationBREXIT AND DATA PROTECTION Q & A
BREXIT AND DATA PROTECTION Q & A What happens now? The UK decision to leave the EU will not affect existing data protection and privacy laws in the UK. These laws (the UK Data Protection Act 1998 (DPA)
More informationA GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 2
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com A GDPR Primer For U.S.-Based Cos. Handling
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the End User License and Services Agreement (the Agreement ) between Customer and Ivanti, to reflect the parties agreement about
More informationPrivacy vs Data Protection: The Impact of EU Data Protection Legislation
Privacy vs Data Protection: The Impact of EU Data Protection Legislation Thomas Rivera / Hitachi Data Systems Original Author: SNIA Security TWG SNIA Legal Notice The material contained in this tutorial
More informationEffective flow of personal data post-brexit
Effective flow of personal data post-brexit Implications for capital markets April 2018 Association for Financial Markets in Europe www.afme.eu GDPR Background Contents Executive Summary... 3 1 GDPR Background...
More informationPaul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP
HOW TO NAVIGATE THE LANDSCAPE OF GLOBAL PRIVACY AND DATA PROTECTION Paul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP Topics to Cover General Concepts Increased U.S. enforcement activity
More information***II POSITION OF THE EUROPEAN PARLIAMENT
EUROPEAN PARLIAMENT 1999 2004 Consolidated legislative document 14 May 2002 1998/0245(COD) PE2 ***II POSITION OF THE EUROPEAN PARLIAMENT adopted at second reading on 14 May 2002 with a view to the adoption
More informationMOTION FOR A RESOLUTION
European Parliament 2014-2019 Plenary sitting B8-0305/2018 26.6.2018 MOTION FOR A RESOLUTION to wind up the debate on the statement by the Commission pursuant to Rule 123(2) of the Rules of Procedure on
More informationTIFFANY AND COMPANY: EU-U.S. PRIVACY SHIELD PRIVACY POLICY - CONSUMER DATA
Last Updated: September 20, 2016 Tiffany and Company ( Tiffany ) respects your concerns about privacy. Tiffany participates in the EU-U.S. Privacy Shield ( Privacy Shield ) framework issued by the U.S.
More informationData Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team
Data Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team The University of Nottingham ( the University ) Tri-Campus Data Transfer Policy Background and Statement of
More informationEven If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law
Even If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law On May 25, 2018, the European Union (EU)'s General Data Protection Regulation (GDPR) comes into force,
More informationTwilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018)
Twilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018) Once fully executed, this DPA forms a part of the agreement
More informationWorking Party on the Protection of Individuals with regard to the Processing of Personal Data
EUROPEAN COMMISSION DIRECTORATE GENERAL XV Internal Market and Financial Services Free movement of information, company law and financial information Free movement of information and data protection, including
More informationData Processing Appendix
Company Name* Execution Date *Company name indicated must conform to the name on customer s Master Subscription Agreement executed with SugarCRM. This Data Processing Appendix on the processing of personal
More informationGDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS
GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS WHO SHOULD EXECUTE THIS DPA: If you have determined that you qualify as a data controller under the GDPR, and need a data processing addendum
More informationTHE IRON MOUNTAIN GDPR JARGON BUSTER
THE IRON MOUNTAIN GDPR JARGON BUSTER DON T KNOW YOUR BCRS FROM YOUR DPOS? IF SO, YOU RE NOT ALONE. The new EU General Data Protection Regulation (GDPR for short, and yet another set of initials you ll
More informationThe contract is important so that both parties understand their responsibilities and liabilities.
Contracts At a glance Whenever a controller uses a processor it needs to have a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities.
More informationINTERNATIONAL SOS. Data Protection Policy. Version 1.8
INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 2017 All copyright in these materials are reserved to AEA International
More informationThe EU-US Privacy Shield: A How-To Guide
July 19, 2016 The EU-US Privacy Shield: A How-To Guide Published in Law360 The EU safe harbor framework, unveiled in 2000, allowed certified U.S. companies to receive personal data of EU residents in compliance
More informationPension Trustees. Final Countdown to the GDPR
Pension Trustees Final Countdown to the GDPR Introduction The General Data Protection Regulation (GDPR) will come into force in all EU Member States in May 2018. It is not a radical departure from the
More informationON24 DATA PROCESSING ADDENDUM
ON24 DATA PROCESSING ADDENDUM This Data Processing Addendum ( Addendum ) is entered into by and between ON24 Inc., on behalf of itself and its Affiliates ( ON24 ), and Client, on behalf of itself and its
More informationNavigating Cross Border Document Transfers in Investigations. Privacy Considerations and Practical Tips
Navigating Cross Border Document Transfers in Investigations Privacy Considerations and Practical Tips 1 Key Perspectives Europe: privacy is a fundamental right The object of laws on processing of personal
More informationImpact of the European General Data Protection Regulation on U.S. M&A
CLIENT MEMORANDUM Impact of the European General Data Protection Regulation on U.S. M&A March 26, 2018 The winds of change will shortly sweep across the data privacy landscape in the European Union ( E.U.
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM (European Union GDPR) (May 2018) This Data Processing Addendum ( DPA ) forms part of the Pancake Laboratories Inc, DBA ShortStack.com ( ShortStack) Terms and Conditions (https://www.shortstack.com/terms-andconditions/),
More information5)Confirmation of Reservation a form confirming acceptation of the Reservation Fee.
RULES & REGULATIONS FOR APARTMENTS PLACED ON THE WEBSITE WWW.TURNAU.EU RENTAL/RESERVATIONS Online service Internet portal located at the electronic address: WWW.TURNAU.EU is maintained by GT Grupa Sp.
More informationU.S. Consumer Financial Services Regulation: What to Expect in 2016
U.S. Consumer Financial Services Regulation: What to Expect in 2016 Digital Payments Intensive April 13, 2016 Andrew J. Lorentz No. 1 RULEMAKING BY ENFORCEMENT 2 Rulemaking by enforcement New Consumer
More informationEU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 )
EU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 ) October 26, 2017 Version 4.01 David Rosenthal (david.rosenthal@homburger.ch) Updates and more infos: http://www.homburger.ch/dataprotection
More informationGeomni, Inc. EU-U.S. Privacy Shield: Consumer Privacy Policy
Geomni, Inc. EU-U.S. Privacy Shield: Consumer Privacy Policy Last Updated: November 29, 2017 Geomni, Inc. ( Geomni ) respects your concerns about privacy. Geomni participates in the EU- U.S. Privacy Shield
More informationRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR Richard Campo, CISM GRC Consultant IT Governance Ltd 1 Sept 2016 www.itgovernance.co.uk TM Introduction Richard Campo GRC consultant Data protection
More informationTerms of Business Agreement (Risk Transfer)
Terms of Business Agreement (Risk Transfer) An Agreement dated governing the conduct of Insurance Business between: and Unicorn Underwriting Limited whose registered office / principal place of business
More informationCover option 2. The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability. Subtitle or Company Name
The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability Cover option 2 MedInnovation Boston Subtitle or Company Name June 25, 2018 Colin J. Zick Month Day,
More informationThe Marketing Arm Inc. EU-U.S. Privacy Shield: Consumer Privacy Policy
The Marketing Arm Inc. EU-U.S. Privacy Shield: Consumer Privacy Policy Last Updated: November 17, 2016 The Marketing Arm Inc. ( TMA ) respect your concerns about privacy. TMA participates in the EU-U.S.
More informationLegal Risk Management Anticipating and Pre-Empting Legal Problems
International In-house Counsel Journal Vol. 3, No. 10, Winter 2010, 1 1 Legal Risk Management Anticipating and Pre-Empting Legal Problems AURELIA DRAGOMIRESCU Director, Legal, Vodafone, Romania Legal service
More informationFitbit, Inc.: EU-U.S. Privacy Shield Privacy Policy - Consumer Data
Fitbit, Inc.: EU-U.S. Privacy Shield Privacy Policy - Consumer Data Last Updated: September 28, 2016 Fitbit, Inc. ( Fitbit ) respects your concerns about privacy. Fitbit participates in the EU-U.S. Privacy
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA or Agreement ), entered into by the CPI customer identified on the applicable CPI services agreement for CPI services ( Customer ) and the
More informationDDB. EU/Swiss-U.S. Privacy Shield: Consumer Privacy Policy
DDB EU/Swiss-U.S. Privacy Shield: Consumer Privacy Policy Last Updated: April 10, 2018 DDB Worldwide Communications Group Inc. and its affiliates TLP, Inc. (d/b/a Tracy Locke), Interbrand Corporation and
More informationCustomer GDPR Data Processing Agreement
Customer GDPR Data Processing Agreement This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation ( GDPR ) as it comes into effect on May 25, 2018. Bench
More informationTerms and Conditions
Terms and Conditions 1. Preamble Gold Standard for the Global Goals is a standard to quantify and certify impacts toward climate security and the Sustainable Development Goals. It was created by the Gold
More informationData protection clauses in commercial contracts. Amy Chandler & Paul Jonson
Data protection clauses in commercial contracts Amy Chandler & Paul Jonson Data controller/data processor 1. A company engages a payroll company to process payslips and make payments to its employees.
More informationADVERTISING PURCHASE AGREEMENT TERMS AND CONDITIONS
ADVERTISING PURCHASE AGREEMENT TERMS AND CONDITIONS POLITICO LLC ("Politico") and the person, firm or entity, including, but not limited to, advertisers ("Advertiser"), their buying agencies ("Agency")
More informationTHE UNIVERSITY, CAMBRIDGE IN AMERICA AND THE COLLEGES DATA SHARING PROTOCOL
THE UNIVERSITY, CAMBRIDGE IN AMERICA AND THE COLLEGES DATA SHARING PROTOCOL THIS PROTOCOL is dated 2018 BETWEEN (1) The Chancellor, Masters, and Scholars of the University of Cambridge of The Old Schools,
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationANNEX II. SHORT FORM CO FOR THE NOTIFICATION OF A CONCENTRATION PURSUANT TO REGULATION (EC) No 139/2004
ANNEX II SHORT FORM CO FOR THE NOTIFICATION OF A CONCENTRATION PURSUANT TO REGULATION (EC) No 139/2004 1. INTRODUCTION 1.1. The purpose of the Short Form CO The Short Form CO specifies the information
More informationGrab Fair Play Rewards Programme
Grab Fair Play Rewards Programme Programme Terms of Use Your participation in the Grab Fair Play Rewards Programme is voluntary. By submitting a fraud vulnerability to Grabtaxi Holdings Pte Ltd (Company
More informationAGENCY: Commodity Futures Trading Commission. SUMMARY: The Commodity Futures Trading Commission (Commission or CFTC) is
This document is scheduled to be published in the Federal Register on 03/25/2015 and available online at http://federalregister.gov/a/2015-06687, and on FDsys.gov 6351-01-P COMMODITY FUTURES TRADING COMMISSION
More informationDATA HANDLING AGREEMENT
DATA HANDLING AGREEMENT This agreement is for the provision of the transfer of school data between the School, Wonde and approved third party applications. Wonde Ltd a company registered in England under
More informationData Protection Post-Brexit
Brexit Law your business, the EU and the way ahead Data Protection Post-Brexit What to expect and how to prepare March 2019 Understanding the practical implications of Brexit for data protection compliance,
More informationData protection and transfer
Brexit Quick Brief #5 Data protection and transfer Key points The movement of personal data between locations is an integral part of modern banking operations. Financial services firms store and process
More informationEMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES
... 1 A. Ecolab s Commitment to Data Privacy... 3 B. Definitions... 3 C. Scope... 4 D. Data Privacy Principles... 4 E. Application of Local Law... 5 F. Human Resources Data Collected... 6 G. Purposes of
More informationThis document is meant purely as a documentation tool and the institutions do not assume any liability for its contents
2003R1745 EN 18.01.2012 002.001 1 This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents B REGULATION (EC) No 1745/2003 OF THE EUROPEAN
More informationAttachment C New York State Energy Research and Development Authority ( NYSERDA ) AGREEMENT
Attachment C New York State Energy Research and Development Authority ( NYSERDA ) 1. Agreement Number: 2. Subgrantee: 3. Project Contact: 4. Effective Date: _/ /2016 5. Total Amount of Award: $ 6. Project
More informationTerms and Conditions of N26 Bank GmbH for the Product N26 Invest (Statement: Juli 2016)
Disclaimer: The following is only a translation for your convenience; only the German documents are legally binding. This applies to all of our legal documents. Terms and Conditions of N26 Bank GmbH for
More informationIntermediary Registration
Intermediary Registration Please complete this form in full and email back to us. Firm or Network Name Contact Email FCA Number Contact Name Name of Professional Indemnity Insurance Provider Professional
More informationEfficiency Maine Business Incentive Program Terms & Conditions
Efficiency Maine Business Incentive Program Terms & Conditions 1. INCENTIVES FOR QUALIFYING ECMS a) Efficiency Maine will award financial incentives to Eligible Customers for the purchase and installation
More informationChapter 1 General Provisions
Strategic Goods Act 1 Passed 17 December 2003 (RT 2 I 2004, 2, 7), entered into force 5 February 2004, Chapter 1 General Provisions 1. Scope of application (1) This Act regulates: 1) the export of strategic
More information(recast) (Text with EEA relevance)
29.3.2014 Official Journal of the European Union L 96/107 DIRECTIVE 2014/31/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 February 2014 on the harmonisation of the laws of the Member States relating
More informationStandard Terms and Conditions of the Revolving Credit Card Agreement
Effective from 2 October 2017 Standard Terms and Conditions of the Revolving Credit Card Agreement Terms and definitions In addition to the terms and definitions below, the terms and conditions refer to
More informationINTERNATIONAL COURT OF ARBITRATION LEADING DISPUTE RESOLUTION WORLDWIDE. Rules of ICC
INTERNATIONAL COURT OF ARBITRATION LEADING DISPUTE RESOLUTION WORLDWIDE Rules of ICC as Appointing Authority in UNCITRAL or Other Arbitration Proceedings International Chamber of Commerce (ICC) 33-43 avenue
More informationDATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses)
DATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses) This Data Processing Agreement ("DPA") forms part of the Master Services and Subscription Agreement between Customer and
More informationGeneral Terms and Conditions regarding training courses and campaigns and/or projects of Schreibmotorik Institut e.v.
Schreibmotorik Institut Schwanweg 1 90562 Heroldsberg 1). General General Terms and Conditions regarding training courses and campaigns and/or projects of Schreibmotorik Institut e.v. 1.1). The conditions
More informationFRAMEWORK FOR CONSUMER PRIVACY LEGISLATION
FRAMEWORK FOR CONSUMER PRIVACY LEGISLATION OBJECTIVES This framework is a call to action: The United States should adopt a national privacy law that protects consumers by expanding their current rights
More informationPURCHASE ORDER TERMS AND CONDITIONS
PURCHASE ORDER TERMS AND CONDITIONS 1. SUPPLY OF GOODS AND/OR SERVICES 1.1 In consideration or payment of the Price by the Company, the Contractor must supply the Goods and/or provide the Services to the
More informationStatement of Compliance with IOSCO Principles. Citigroup Global Markets Limited
Statement of Compliance with IOSCO Principles Citigroup Global Markets Limited June 2017 Introduction: Statement of Compliance Citigroup Global Markets Limited ( CGML ) develops, calculates, publishes,
More informationUnderstanding your fiduciary responsibilities for retirement plans
Understanding your fiduciary responsibilities for retirement plans An overview of the fiduciary s role and frequently asked questions about it When you are a trustee or serve on an investment committee
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement (the DPA ), entered into by the Customer and the company Ganttic OÜ (company registration number 11979702) having its registered office at Lai tn
More informationCode of Conduct for Copyright Collecting Societies
Code of Conduct for Copyright Collecting Societies Amended: 20 March 2017 Page 1 CONTENTS 1. INTRODUCTION 3 1.1 Background 3 1.2 Scope 4 1.3 Objectives 4 2. OBLIGATIONS OF COLLECTING SOCIETIES 5 2.1 Legal
More informationCONTENTS. KLRCA ARBITRATION RULES (As revised in 2017) UNCITRAL ARBITRATION RULES (As revised in 2013) SCHEDULES. Part I. Part II.
CONTENTS Part I KLRCA ARBITRATION RULES (As revised in 2017) Part II UNCITRAL ARBITRATION RULES (As revised in 2013) Part III SCHEDULES Copyright of the KLRCA First edition MODEL ARBITRATION CLAUSE Any
More informationWorking With You: Broker Guide. Get started. UK guide January 2015
1/ Working With You: Broker Guide Get started UK guide January 2015 Intro Contents Glossary Legal disclaimer Welcome 01/ We ve been providing premium finance facilities for almost four decades now, and
More informationBE PREPARED FOR THE NEW EU DATA REGULATION
BE PREPARED FOR THE NEW EU DATA REGULATION TECHNOLOGY MAY-RATHON Pulina Whitaker Dr. Axel Spies Charles Dauthier May 12, 2016 2016 Morgan, Lewis & Bockius LLP SECTION 01 EU-US DATA TRANSFER EU-US Data
More informationData Processing Appendix
Data Processing Appendix This Data Processing Appendix (the Appendix ) is attached to and forms part of the Supplier General Terms and Conditions (the Agreement ) between Nebula Oy ( Supplier ) and customer
More informationPERMANENT COURT OF ARBITRATION OPTIONAL RULES FOR ARBITRATION INVOLVING INTERNATIONAL ORGANIZATIONS AND STATES
PERMANENT COURT OF ARBITRATION OPTIONAL RULES FOR ARBITRATION INVOLVING INTERNATIONAL ORGANIZATIONS AND STATES 93 OPTIONAL ARBITRATION RULES INTERNATIONAL ORGANIZATIONS AND STATES CONTENTS Introduction
More informationPERMANENT COURT OF ARBITRATION OPTIONAL RULES FOR ARBITRATION BETWEEN INTERNATIONAL ORGANIZATIONS AND PRIVATE PARTIES
PERMANENT COURT OF ARBITRATION OPTIONAL RULES FOR ARBITRATION BETWEEN INTERNATIONAL ORGANIZATIONS AND PRIVATE PARTIES 119 OPTIONAL ARBITRATION RULES INT L ORGANIZATIONS AND PRIVATE PARTIES CONTENTS Introduction
More information