欧州データ保護委員会がプライバシーシールド無効判決についてのFAQを公開していますね
こんにちは、丸山満彦です。
欧州データ保護委員会がプライバシーシールド無効判決についてのFAQを公開していますね。
● Europa Data Protection Board (EDPB)
・2020.07.24 (news) European Data Protection Board publishes FAQ document on CJEU judgment C-311/18 (Schrems II)
質問は、
1) What did the Court rule in its judgment?
2) Does the Court’s judgment have implications on transfer tools other than the Privacy Shield?
3) Is there any grace period during which I can keep on transferring data to the U.S. without assessing my legal basis for the transfer?
4) I was transferring data to a U.S. data importer adherent to the Privacy Shield, what should I do now?
5) I am using SCCs with a data importer in the U.S., what should I do?
6) I am using Binding Corporate Rules (“BCRs”) with an entity in the U.S., what should I do?
7) What about other transfer tools under Article 46 GDPR?
8) Can I rely on one of the derogations of Article 49 GDPR to transfer data to the U.S.?
9) Can I continue to use SCCs or BCRs to transfer data to another third country than the U.S.?
10) What kind of supplementary measures can I introduce if I am using SCCs or BCRs to transfer data to third countries?
11) I am using a processor that processes data for which I am responsible as controller, how can I know if this processor transfers data to the U.S. or to another third country?
12) What can I do to keep using the services of my processor if the contract signed in accordance with Article 28.3 GDPR indicates that data may be transferred to the U.S. or to another third country?
■ 参考
● まるちゃんの情報セキュリティ気まぐれ日記
・2020.07.21 プライバシーシール無効判決後のアメリカとイギリス
・2020.07.16 EU-USのプライバシーシールドを無効にしま〜すby EU裁判所
« HIDDEN COBRAがMATAフレームワークを利用して日本企業等を攻撃した? (Kaspersky) | Main | FBIは中国で付加価値税の支払いのためにインストールが義務付けられているソフトウェアにバックドアがあるとアラートを出したみたいですね »
Comments