Last week I attended the IAPP Global Summit (the IAPP’s annual privacy bash), featuring privacy luminaries as keynote speakers and dozens of privacy-focused sessions. One particularly good session was about the proliferation of standard contractual clauses (SCCs) that permit cross-border data transfers. This session coincided with the Future of Privacy Forum’s release of a report … Read More » about Not-So-Standard Contractual Clauses
Drafting a GDPR-compliant data processing agreement (DPA) should be dead simple. After all, GDPR Art. 28 provides a specific roadmap of what to include. Yet DPAs – which are required under the GDPR whenever a processor is processing personal data on behalf of a controller – can sometimes be the tail that wags the dog … Read More » about Top Five Pain Points in Data Processing Agreements
If you’ve been in the privacy business for long enough, you may recall when the Safe Harbor Framework permitted the free flow of personal data between the EU and the United States. Those halcyon days lasted from 2009 until 2015. In 2015, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbor … Read More » about A “New” Privacy Shield?