Spanish DPA Gives Guidance on Data Transfers to US post-Safe Harbor
Sterling Miller
CEO, Three-Time General Counsel, Author, Keynote Speaker - currently CEO & Senior Counsel at Hilgers Graben PLLC.
The Spanish Data Protection Authority has given guidance to companies looking to transfer personal data out of Spain and to the U.S. now that the Safe Harbor agreement has gone by the way side. Basically, its the usual list of mechanisms and circumstances that allow personal data transfers. Key is that companies have until January 26, 2016 to get their house in order. To read the article, click here. This supports statements by the Article 29 Working Party regarding some breathing room for U.S. companies to get the appropriate arrangements in place. Hopefully, the US/EU will enact a new Safe Harbor agreement soon. In the meanwhile, the standard contract clauses appear to be the best way forward. If anyone has a list of which EU DPAs require notification of the clause, please share that. I know that some do and some do not. See also my legal blog "Ten Things You Need to Know as In-House Counsel" and my posts on Safe Harbor and Data Privacy Essentials.
Data Privacy Officer (retired)
9 年This list of countries that require prior approval before using Model Contracts seems to be a well kept secret. It is difficult to get a clear and current answer on this relating to all 28 EU Member States. It would be ideal when the EU Commission would publish a reliable overview on its website.