On April 19, the European Union’s Article 29 Working Party adopted Explanatory Document WP204 on processor Binding Corporate Rules (BCRs). Processor BCRs provide a new avenue for data controllers to transfer EU personal data to processors (such as cloud service providers) located in third countries not considered to ensure an adequate level of protection under the 1995 EU Data Protection Directive. The Article 29 Working Party, noting the success of controller BCRs and citing the “growing interest of industry in such a tool,” provided initial guidance on processor BCRs in June 2012 through Working Document WP195 (which we previously covered here). WP195 presented a “toolbox” that laid out the criteria for approval of processor BCRs, as well as explanatory notes on the content expected in the processor BCRs. As of January 1, 2013, the EU began accepting applications for approval of processor BCRs.
The Article 29 Working Party on 6 June 2012 adopted Working Paper WP 195 as a new “toolbox” with recommendations for Binding Corporate Rules (BCRs) for data processors.
Are BCRs the key to global interoperability? Some think so at the IAPP London conference. This post discusses opinions from conference presenters — will BCRs will become more and more popular as corporations implement new accountability measures, or will they fade under the weight of continued bureaucracy?
Although the European Commission was expected to release its overhaul of the 1995 Data Protection Directive (95/46/EC) next month, some of the details of those changes emerged earlier than expected this week. In this post, we summarize the many key changes between the Data Protection Directive and the Commission’s draft Data Protection Regulation.
Hogan Privacy and Data Security Co-Chair Chris Wolf recently gave an interview on recent developments under the EU-US Safe Harbor to Nymity that was published in its free online newsletter. The interview is accessible through this blog entry.