CoC for Cloud Service Providers is now underway

It’s been announced last week that the EU Data Protection Code of Conduct (CoC) for Cloud Service Providers is now underway. Designed as a safeguard for the international data transfers under the GDPR Article 46(2) in a post-‘Schrems II’ world, the CoC might become an interesting one by itself. At the same time, it still … Continue reading CoC for Cloud Service Providers is now underway

Do new Guidelines 07/2020 ‘on the concepts of controller and processor in the GDPR’ (‘Guidelines’) really help to identify joint controllership?

Allocating roles within a group of different actors might often become very difficult, in particular when drawing a line between joint decisions and separate ones gets tricky. Say that a parent company offers its subsidiaries to use a new uniform online platform for the processing of orders placed by customers entering into a supply contract … Continue reading Do new Guidelines 07/2020 ‘on the concepts of controller and processor in the GDPR’ (‘Guidelines’) really help to identify joint controllership?

GDPR Considerations in European – American University Research Contracts

Negotiating R&D contracts with European partners over the past 20 years has always been my favorite type of transaction work. You have the cultural differences, the time zone issue, language issues, IPR issues, liability and indemnification issues, currency issues, and other issues that add complexity to the negotiation (and ultimately management) of such transatlantic research … Continue reading GDPR Considerations in European – American University Research Contracts

Three things you should NOT do when working with data transfers in a post-‘Schrems II’ world (video)

Organizing your data transfers to 3rd countries in a post-'Schrems II' world might become a truly daunting task. But what should definitely be avoided? Learn from this short video. https://youtu.be/8dz7bYicWU0

International companies transferring personal data to multiple 3rd countries are unlikely to soon find a 100% workable approach to address ‘Schrems II’ implications.

Why I think so? It stems from a superb article written by the IAPP authors who skilfully and clearly explain (for the first time ever?) how to tackle the issues raised in the CJEU’s decision and to continue data transfer to USA based on supplemented SCC (see the link below). Just take a deeper look … Continue reading International companies transferring personal data to multiple 3rd countries are unlikely to soon find a 100% workable approach to address ‘Schrems II’ implications.

BCRs and Tetra Pak has just got them approved in Sweden

An extremely interesting development considering the recent Schrems II decision and that Tetra Pak has US operations. This is a first for the Swedish Data Protection Authority with BCRs. OneTrust has a good summary of the decision, etc., in English. Here is the decision in Swedish. Now, there is much discussions on the legality of … Continue reading BCRs and Tetra Pak has just got them approved in Sweden

Who is the controller?

An extremely well-written article from OneTrust in the context of adtech, but still I am sure will get you thinking deep.

Cookie consent banner for the SMB

There's been quite some cookie talk lately on this blog and one reason why is that I have as CEO of my little startup been looking for a cookie consent banner which costs nothing for my website. So why only now. Well, I did only have essential cookies on my website until recently which didn't … Continue reading Cookie consent banner for the SMB

Let’s get creative with cookie banners! I’m sure it’s fine?

I am seeing more and more the new type cookie banner, which basically informs you of non-essential cookies, i.e. it is not required for the essential ones which is great, however.... there is some creative engineering active which is not compliant with GDPR. I am accepting non-essential cookies, for whatever the reason on my side, … Continue reading Let’s get creative with cookie banners! I’m sure it’s fine?

The Well – Being of Privacy Professionals: A Critical Component for Success

The fields of privacy and data protection are fairly new areas of professional activity. Certainly the last generation+ has seen an explosion in job growth. The question naturally arises, then, as to whether individuals working in the area are happy and professionally satisfied. Do they derive professional satisfaction? Are they thriving? Is stress in the … Continue reading The Well – Being of Privacy Professionals: A Critical Component for Success