Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
Cloud:
Is it Legal to Use American
Cloud Services in Europe?
Martha Buyer
Law Offices of Martha Buyer, PLLC
East Aurora, N...
www.marthabuyer.com
www.marthabuyer.com
Difference in Perception
between EU and US
• Privacy as a matter of commerce in the U.S.
• Privacy as a fundamental human ...
Once data crosses international borders,
where is it “safe?”
• “it depends”
• Do you know where your cloud actually is?
• ...
Schrems v. Data Protection Commissioner
(Case C-362/14)
• What the case means
• Historical context
• 2000 decision enabled...
What’s happened since the decision
(October, 2015)
• Data transfers from the EU to the United States trigger the
provision...
Companies can no longer rely on “safe
harbor” self-certification.
• Entities need to independently verify that company tra...
Use of Standard Contract Clauses
• two sets of standard contractual clauses for transfers from data
controllers to data co...
FCPA
Foreign Corrupt Practices Act
The Foreign Corrupt Practices Act of 1977, as amended, 15 U.S.C. §§ 78dd-1, et seq.
• T...
More FCPA
• Department of Justice is happy to offer opinions on
compliance:
U.S. Department of Justice
Criminal Division, ...
Protecting the Jewels
• WISP
• Protecting data within a company’s control
• Protecting data beyond the company’s walls
www...
Thank you!
www.marthabuyer.com
Prochain SlideShare
Chargement dans…5
×

Martha Buyer V SCTC day conference 24 feb16

Is it legal to use American Cloud Services in Europe?
Martha presentation at Barcelona V Consultants day. about legal aspets of the business in the cloud since american perspective

  • Identifiez-vous pour voir les commentaires

  • Soyez le premier à aimer ceci

Martha Buyer V SCTC day conference 24 feb16

  1. 1. Cloud: Is it Legal to Use American Cloud Services in Europe? Martha Buyer Law Offices of Martha Buyer, PLLC East Aurora, NY www.marthabuyer.com
  2. 2. www.marthabuyer.com
  3. 3. www.marthabuyer.com
  4. 4. Difference in Perception between EU and US • Privacy as a matter of commerce in the U.S. • Privacy as a fundamental human right in the EU • Right to be forgotten www.marthabuyer.com
  5. 5. Once data crosses international borders, where is it “safe?” • “it depends” • Do you know where your cloud actually is? • Guess what? It matters. www.marthabuyer.com
  6. 6. Schrems v. Data Protection Commissioner (Case C-362/14) • What the case means • Historical context • 2000 decision enabled U.S. companies to self-certify that company practices ensured an adequate level of protection for personal data under the EU Data Protection Directive, thus permitting the company to transfer data from the EU to the United States. • Schrems decision holds that U.S. law does not afford adequate protection to personal data www.marthabuyer.com
  7. 7. What’s happened since the decision (October, 2015) • Data transfers from the EU to the United States trigger the provisions of the EU Data Protection Directive and may come under scrutiny. • Many companies utilize U.S.-based cloud services • If personal data is kept outside of a U.S. jurisdiction • Knowledge of compliance regs is required • So is compliance! www.marthabuyer.com
  8. 8. Companies can no longer rely on “safe harbor” self-certification. • Entities need to independently verify that company transfers of personal data from the EU to the United States meet the level of data privacy protection considered adequate by the EU Data Protection Directive. • http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:31995L0046 • http://ec.europa.eu/justice/data-protection/ • The European Commission recommends that entities consider using the EU- approved standard contractual clauses, the EU-approved Binding Corporate Rules, or the enumerated derogations under which data can be transferred. www.marthabuyer.com
  9. 9. Use of Standard Contract Clauses • two sets of standard contractual clauses for transfers from data controllers to data controllers established outside the EU/EEA • one set for the transfer to processors established outside the EU/EEA. • http://ec.europa.eu/justice/data-protection/international- transfers/transfer/index_en.htm www.marthabuyer.com
  10. 10. FCPA Foreign Corrupt Practices Act The Foreign Corrupt Practices Act of 1977, as amended, 15 U.S.C. §§ 78dd-1, et seq. • The anti-bribery provisions prohibit paying foreign officials to obtain or retain business. • Accurate accounting and adequate internal controls are REQUIRED! • jurisdiction of the FCPA is far-reaching and hinges on the use of interstate commerce by a U.S. or foreign person. • Aggressive Enforcement • compliance policies to maintain watch over company actors to avoid inadvertently violating the FCPA. • http://www.justice.gov/criminal-fraud/foreign-corrupt-practices-act www.marthabuyer.com
  11. 11. More FCPA • Department of Justice is happy to offer opinions on compliance: U.S. Department of Justice Criminal Division, Fraud Section Attn: FCPA Coordinator Bond Building, 4th Floor 10th and Constitution Ave., NW Washington, DC 20530-0001 Fax: 202-514-7021 Email - FCPA.Fraud@usdoj.gov www.marthabuyer.com
  12. 12. Protecting the Jewels • WISP • Protecting data within a company’s control • Protecting data beyond the company’s walls www.marthabuyer.com
  13. 13. Thank you! www.marthabuyer.com

×