Martha Buyer V SCTC day conference 24 feb16
•Télécharger en tant que PPTX, PDF•
1 j'aime•825 vues
Is it legal to use American Cloud Services in Europe? Martha presentation at Barcelona V Consultants day. about legal aspets of the business in the cloud since american perspective
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (19)
Similaire à Martha Buyer V SCTC day conference 24 feb16
Similaire à Martha Buyer V SCTC day conference 24 feb16 (20)
Plus de Agustin Argelich Casals
Plus de Agustin Argelich Casals (20)
Dernier
Dernier (20)
Martha Buyer V SCTC day conference 24 feb16
- 1. Cloud: Is it Legal to Use American Cloud Services in Europe? Martha Buyer Law Offices of Martha Buyer, PLLC East Aurora, NY www.marthabuyer.com
- 4. Difference in Perception between EU and US • Privacy as a matter of commerce in the U.S. • Privacy as a fundamental human right in the EU • Right to be forgotten www.marthabuyer.com
- 5. Once data crosses international borders, where is it “safe?” • “it depends” • Do you know where your cloud actually is? • Guess what? It matters. www.marthabuyer.com
- 6. Schrems v. Data Protection Commissioner (Case C-362/14) • What the case means • Historical context • 2000 decision enabled U.S. companies to self-certify that company practices ensured an adequate level of protection for personal data under the EU Data Protection Directive, thus permitting the company to transfer data from the EU to the United States. • Schrems decision holds that U.S. law does not afford adequate protection to personal data www.marthabuyer.com
- 7. What’s happened since the decision (October, 2015) • Data transfers from the EU to the United States trigger the provisions of the EU Data Protection Directive and may come under scrutiny. • Many companies utilize U.S.-based cloud services • If personal data is kept outside of a U.S. jurisdiction • Knowledge of compliance regs is required • So is compliance! www.marthabuyer.com
- 8. Companies can no longer rely on “safe harbor” self-certification. • Entities need to independently verify that company transfers of personal data from the EU to the United States meet the level of data privacy protection considered adequate by the EU Data Protection Directive. • http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:31995L0046 • http://ec.europa.eu/justice/data-protection/ • The European Commission recommends that entities consider using the EU- approved standard contractual clauses, the EU-approved Binding Corporate Rules, or the enumerated derogations under which data can be transferred. www.marthabuyer.com
- 9. Use of Standard Contract Clauses • two sets of standard contractual clauses for transfers from data controllers to data controllers established outside the EU/EEA • one set for the transfer to processors established outside the EU/EEA. • http://ec.europa.eu/justice/data-protection/international- transfers/transfer/index_en.htm www.marthabuyer.com
- 10. FCPA Foreign Corrupt Practices Act The Foreign Corrupt Practices Act of 1977, as amended, 15 U.S.C. §§ 78dd-1, et seq. • The anti-bribery provisions prohibit paying foreign officials to obtain or retain business. • Accurate accounting and adequate internal controls are REQUIRED! • jurisdiction of the FCPA is far-reaching and hinges on the use of interstate commerce by a U.S. or foreign person. • Aggressive Enforcement • compliance policies to maintain watch over company actors to avoid inadvertently violating the FCPA. • http://www.justice.gov/criminal-fraud/foreign-corrupt-practices-act www.marthabuyer.com
- 11. More FCPA • Department of Justice is happy to offer opinions on compliance: U.S. Department of Justice Criminal Division, Fraud Section Attn: FCPA Coordinator Bond Building, 4th Floor 10th and Constitution Ave., NW Washington, DC 20530-0001 Fax: 202-514-7021 Email - FCPA.Fraud@usdoj.gov www.marthabuyer.com
- 12. Protecting the Jewels • WISP • Protecting data within a company’s control • Protecting data beyond the company’s walls www.marthabuyer.com