EU Law: General Data Protection Regulation (GDPR) Flashcards
1
Q
What option used to be valid for protecting the transfer of personal information between the European Union and other nations?
A
EU/US Privacy Shield; used to be able to transfer data under the safe harbor provisions of the EU-U.S. Privacy Shield
2
Q
What are the valid options for protecting the transfer of personal information between the European Union and other nations? (3)
A
-
Adequacy Decisions
- state that a specific non-EU country or territory provides an adequate level of data protection that is essentially equivalent to the protection provided within the EU
- if country receives an adequacy decision, it is considered a “safe” destination for personal data transfers from the EU without the need for additional safeguards or agreements
-
Standard Contractual Clauses (SCCs)
- templates or sets of contractual terms and conditions approved by the European Commission
- include specific safeguards and requirements to ensure that personal data transferred outside the EU is adequately protected
-
Binding Corporate Rules (BCRs)
- set of data protection rules and practices that multinational organizations develop and apply internally
- legally binding and must be approved by the relevant data protection authority in the EU
3
Q
Entities are allowed to gather and process privacy data belonging to EU citizens if what conditions are met?
A
- their own country has nationwide laws that comply with the EU laws
- the entity creates contractual language that complies with the EU laws and has that language approved by each EU country from which the entity wishes to gather citizen data
- the entity voluntarily subscribes to its own nation’s Privacy Shield program (assuming that program is found acceptable by the EU authorities)
4
Q
What made possible to transfer data between EU and U.S., but was struck down by the Schrems II decision?
A
Safe Harbor provisions of the EU-U.S. Privacy Shield
