Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation: Are controllers and processors obliged to use the Article 28 clauses for their data processing agreements? Do the Article 28 clauses ensure compliance with […]
International
Alston & Bird Publishes 10 Key Takeaways from the New Standard Contractual Clauses
As highlighted by this blog on Friday, the European Commission has published long-awaited Standard Contractual Clauses (SCCs). These represent the first updates to the SCCs in over a decade, with the last updates having been made in 2010. Alston & Bird partner Wim Nauwelaerts has now published an advisory titled “10 Key Takeaways from the […]
European Commission Publishes Long-Awaited New Standard Contractual Clauses
Today, the European Commission published finalized versions of new Standard Contractual Clauses (SCCs). The Commission has published two sets of clauses: A set of SCCs to be used in controller-to-processor situations in conjunction with Art. 28 GDPR “data processor” terms applicable to such situations. A more general set of modular SCCs that can be used […]
Swire Report Addresses EU Data Localization Comments, Portuguese Order Restricting U.S. Data Flow
In November, the European Data Protection Board (EDPB) issued draft guidance regarding transfers of personal data from the European Union. That guidance has prompted nearly 200 comments from companies, trade groups, and interested observers. Senior Counsel Peter Swire, along with co-author DeBrae Kennedy-Mayo, has now published a report reviewing these comments through the Cross Border […]
The GDPR Reaches the US Supreme Court in Cert Petition
The EU’s General Data Protection Regulation (GDPR) has been raised in a petition for certiorari before the US Supreme Court, apparently for the first time since the GDPR entered into application in 2018. A party in Vesuvius USA Corp. v. Phillips has filed a petition for certiorari in a GDPR-related discovery dispute. Of course, since […]