International E-Discovery E-Discovery vs. German Data Protection
|
|
- Caren Bethanie Bailey
- 8 years ago
- Views:
Transcription
1 International E-Discovery E-Discovery vs. German Data Protection ABA Tech Committee April 28 30, 2010 New York, LL.M. CMS Hasche Sigle Kranhaus 1 / Im Zollhafen Cologne Germany Tel: Fax: carsten.domke@cms-hs.com C:\Documents and Settings\dalym\Local Settings\Temporary Internet Files\OLK2\ABA Tech Committee April doc
2 A INTRODUCTION... 3 B U.S. E-DISCOVERY VS. GERMAN DATA PROTECTION LAW NO GERMAN E- DISCOVERY GERMAN DATA PROTECTION BEFORE A COURT TRANSFER OF PERSONAL DATA TO THE U.S. FOR LITIGATION PURPOSES PRACTICAL MEASURES... 7 C BACKGROUND: EU DATA PROTECTION DIRECTIVE AND ART. 29 WORKING PARTY... 7 D BACKGROUND: DATA PROTECTION IN THE EU ESP. GERMANY DEFINITION OF DATA LAWFUL PROCESSING OF DATA RIGHTS OF THE INDIVIDUAL LIABILITY AND SANCTIONS APPLICABLE LAW EXPORT OF DATA OUTSIDE THE EU
3 A INTRODUCTION Transborder discovery as well as transborder data protection may create significant problems for natural or legal persons especially for multinational groups of companies that intend to comply with at least two jurisdictions. With regard to discovery and data protection, the legal systems of Germany and the U.S. follow very different approaches. While data protection plays an important role in Germany, discovery is not a big issue. For the U.S. the opposite is true. When transferring data from Germany to the U.S., data protection issues are already posing problems for companies in their regular daily business. The challenge could be even more important when companies are faced with an obligation to transfer personal data if they need to defend or raise a claim in a trial. Once again, data protection in Germany and U.S. law seem to be at odds. The conflict of laws and the extraterritorial effects of both jurisdictions recall the discussions between Germany (the EU) and the U.S. regarding the implementation of Whistleblower Channels reporting personal data from German (European) subsidiaries to U.S. parent companies. With regard to personal data to be transferred for litigation purposes, German data protection law provides for a solution. Accordingly, the conflict may be reduced to the definition of the scope of necessary data. B U.S. E-DISCOVERY VS. GERMAN DATA PROTECTION LAW While U.S. E- Discovery rules oblige companies in the U.S. as well as parent and other affiliated companies outside the U.S. to provide all kinds of data including personal data to the court, to the adverse party and its counsel, European and German data protection law in general prohibits the transfer of personal data to another legal entity as well as to countries that do not provide for an adequate level of data protection. Every processing and transfer of personal data requires a specific justification. When personal data generated in Germany is to be transferred to other countries that do not guarantee an adequate level of data protection like the U.S. additional special conditions must be fulfilled in order to legitimize the data transfer. With regard to the general principles of data processing in Germany as well as to the data transfer to the U.S., please see Section C, below. This section will concentrate on the transfer and use of personal data for litigation purposes in the U.S. in particular under the e- discovery procedure. 1. No German E- Discovery 3
4 There is no German equivalent to E-Discovery. The German Code of Civil Procedure 1 applies to general civil litigation as well as to litigations before specialized labor courts. According to the law, no party is obliged make accessible any document of possible relevance at an early or late stage of litigation. As a rule, a party must only deliver such electronic or hardcopy documents that support its case. The burden of proof lies with the party that intends to take advantage of the document. However, in particular when it comes to litigation before labor courts, the burden of proof may shift: It is generally the employer who is in possession of documents that can prove facts and circumstances. Therefore, if an employee cannot deliver documents supporting his case and if the company typically is in possession of such documents, the courts will ask the company to provide such documents. But, here too, the company will only be requested to deliver individual documents with relevance to a defined and precise question. There is no obligation to provide documents that are of general interest or that do not reply to a clearly defined question that could be relevant to the outcome of the litigation. On the contrary, requesting general facts in order to find out further facts that could be of interest ( Ausforschungsbeweis ) is inadmissible. 2. German Data Protection before a Court Already within the EU, German data protection law prohibits the transfer of personal data to another entity if there is no specific justification for the transfer. In case of litigation, the party involved may transfer personal data of third parties according to Art. 28 (1) N 2 and N 3 German Data Protection Act. 2 According to the law, the generating, processing and transfer of personal data is admissible if it serves the legitimate interests of the processor and if there are no prevailing legitimate interests on the part of the person concerned to retain the data. Accordingly, before German or EU courts, the transfer and use of data of third persons is generally possible. Only in extremely rare cases, could a person whose personal data is used claim a prevailing interest in not disclosing the data. 3. Transfer of Personal Data to the U.S. for Litigation Purposes In general, it is admissible to transfer electronic or hardcopy information from Germany to the U.S. in order to provide facts to the court. However, in practice it will be difficult to urge a German legal entity or natural person to provide such facts against their will. For the standard situation, this will have no practical consequences. If a German company or one of its affiliated companies is a party to litigation in the U.S., it has its own interests in delivering the nec- 1 Zivilprozessordnung ZPO 2 Bundesdatenschutzgesetz - BDSG 4
5 essary facts. However, in that case one obstacle could arise: With regard to the data of natural persons, German data protection law may prohibit any transfer to the U.S. a. Data Transfer to the U.S. While the transfer to and the use of personal data by the U.S. is generally subject to severe restrictions, this is not the case with litigations conducted before a court. In general, the transfer of personal data from Germany to the U.S. can only take place if the sender ensures an adequate level of data protection by way of the following: - EU Standard Contractual Clauses - Safe Harbor Certification of the receiving entity - Certified Corporate Code of Conduct. These remedies are inapplicable in the litigation situation the court or the opposing party would not agree hereto. German law takes this into account by providing for an exception to the requirement of an adequate level of data protection. Such level is dispensable if the transfer is necessary for defence or to support a claim before a court (Art. 4c (1) N 4 BDSG). Personal data may be transferred to U.S. courts, the opposing party and their counsel without any guarantee of an adequate protection level or the consent of the person concerned. Further, Art. 4c (1) N 4 BDSG does not require that the German data controller itself is party of the litigation. Accordingly, a German parent company may also transfer the data if only its U.S: subsidiary is involved in litigation. b. Scope of Discovery Although the transfer of personal data for litigation is admitted in general, information required under U.S. law will not automatically be necessary data under German data protection law. It is recognized in Germany as in the U.S. that disclosing personal data during litigation may constitute legitimate interests of a litigating party. These interests may prevail over the interests of a third party whose data is being transferred and used therefore. The German Data Protection Act provides for an explicit exception if the "exercise or defense of legal interests before a court is required" 3. 3 Ausübung oder Verteidigung von Rechtsansprüchen vor Gericht erforderlich ist Art. 4 c (1) No. 4 BDSG 5
6 The scope of discovery under German law differs significantly from that under U.S. law. The German Code of Civil Procedure has no equivalent to e-discovery or pre-trial discovery. Accordingly, from the German perspective, one would have a very restricted understanding of what should be disclosed under these procedures. Necessary information would be a limited and concentrated scope of data. However, the U.S. perspective should be decisive. The German Data Protection Act lays down that data necessary in litigation can be transferred. This means that the data must be necessary under the applicable law. If a company is involved in litigation in the U.S., necessary is defined by U.S. law, in principle. A restriction has to be made, here if fundamental principles of data protection are not respected. Please note in this context a U.S. court decision of January that did not accept the German Data Protection Act nor the Hague Convention 5 as an excuse for not disclosing information. c. Examples: Examples for situations of data transfer: A U.S. subsidiary of a group of companies with their headquarters in Germany is defending before a U.S. federal court against a claim brought by a former employee. In order to defend properly, it needs to prove facts by way of documents containing personal data on other employees, like salary, sex, place of residence or other non- sensitive information. Under German law this is possible. In the same case the U.S. subsidiary also wishes to defend its case by providing information on race/ ethnic origin, health, union affiliation or other sensitive information. This is possible under German law according to Art. 4 c (1) N 4 BDSG. Further, the U.S. subsidiary intends to transfer data sensitive and non- sensitive on the opposing party in the litigation. Again, the transfer is admitted according to Art. 4 c (1) N 4 BDSG. The information may be transferred by way of electronic documents as well as hard copies. Smoking gun information: If information that is not of direct relevance but could lead to disclosure of relevant information, the justification of the data transfer under German can be contested. German data protection law requires a necessity. 4 Accessdata Corp. v. Alste Technologies GmbH, 2010 U.S. Dist. LEXIS 4566 (D. Utah Jan. 21, 2010) 5 Hague Evidence Convention Germany ratified by Mar. 18, 1970, the U.S. by Jul. 27, Germany as well as many other European countries filed reservations regarding requests for pre-trial discovery of documents. 6
7 4. Practical measures In order to avoid conflict with German data protection law, when sending personal data from Germany, the general principles of data protection should be observed: Data avoidance not necessary personal data must not be generated, transferred used. Anonymizing must the information be attributed to a natural or identifiable person? Restriction of use the use of the data should only be permitted for purposes in the course of litigation. It may not be used for any other purpose. No onward transfer recipients (the court, the opposing party, opposing counsel) may not transfer the data to any other recipient. Deletion as soon as the data is no more needed. C BACKGROUND: EU DATA PROTECTION DIRECTIVE AND ART. 29 WORKING PARTY From A German Perspective e- discovery is a data protection issue. Therefore the following overview on the data protection legal framework in Germanys and the EU shall help to understand the German context. In 1995, the Commission adopted a Directive on Data Protection, which is concerned with the rights and freedoms of natural persons with regard to the processing of personal data. 6 The Directive applies to personal data of natural persons. The Member States complied with this Directive by adapting their national laws to its requirements. The Directive prevails in case of contradiction by national law. The European Data Privacy Law aims to conciliate two opposite interests: On the one hand, an employer or legitimate data owner has a need for free and continuous flow of data. On the other hand, the person concerned, in particular the employee has a right of respect of his personal privacy. In Europe the personality right is generally considered to be a proprietary right of each individual including also personal data. The employee as every individual has the right to know when information related to him is collected or processed. He has also the right to prohibit this collection or processing if no other interests prevail. The core of the personality right is inalienable. 6 Directive 95/46/EC of the European Parliament and of the Council (Privacy Directive) 7
8 The Art. 29 Working Party is the competent body on a European Level for all questions of international data transfer and interpretation of the EU Directive 95/46/EC. It pronounces its legal opinion by Working Papers. With regards to pre-trial discovery for cross border civil litigation it has adopted the Working Document 1/ The opinions and recommendations of this document are not legally binding. However, it can be expected that European courts will follow the arguments of the very specialized Art. 29 Working Party. D BACKGROUND: DATA PROTECTION IN THE EU ESP. GERMANY Germany complied with the Privacy Directive by amending the German Data Protection Act in While the definitions and basic rules for the dealing with personal data, criteria for data processing and the conditions of data-export are subject to EU-harmonized legislation, workplace monitoring as well as questions of codetermination of the employees representatives depend on national law. 1. Definition of data The Privacy Directive gives in its Article 2 (a) a rather broad definition for personal data: Any information relating to an identified or identifiable natural person. As a consequence as soon as an automated data processing or storage concerns an individual person the provisions of the Directive apply. The Privacy Directive distinguishes basically between normal and sensitive data. Sensitive data contains information on the ethnic origin of a person, skin color, religion, political opinions, health, or sexual preferences. Sex and marital status are not sensitive data. Normal data is all data that is not sensitive. 2. Lawful processing of data a. Principles According to the Directive personal data must be processed fairly and lawfully collected for specified, explicit and legitimate purposes adequate, relevant and not excessive in relation to the purposes accurate put out of context of an identifiable individual as soon as possible 7 Available under 8
9 b. Normal Data The collection, storage, or use of normal data is permissible if it serves the purpose of the contractual relationship. It is, however, not sufficient that the collection of the data is simply useful. Permissible is only the collection of data that is necessary for the performance of the employment agreement. The controller must specifically define the aim of the data collection. It must therefore state to what purpose the data is being collected. Examples for an employment relationship: Access control Salary calculation Personnel development Attendance times of employees Recruitment The employer may not, however, by combining data gain new information offhand which it had not previously specifically defined. If, for example, information is collected on what the employees eat in the staff restaurant, in order to take this into account for the calculation of salary, the employer may not then evaluate the eating habits of the employees and assess their health with this information. The purpose of the employment relationship justifies storing employees data with regard to sex, marital status, school, training in a trade or another occupation, vocational school/subject/graduation, and language skills, because this information is necessary for personnel planning, personnel shortages, and social selection in the case of dismissals. The purpose of the relevant employment relationship determines the restrictions on processing. Therefore, if basic information concerning remuneration and promotion as well as possible data on performance and leadership competencies are to be transmitted, this can be done without the consent of the employee, if this is important for the future development of the employment relationship. 8 The close connection of use of the normal data to the existing employment relationship and to the continuing internal employment are the two criteria for the distinction between the use of data covered by the contractual purpose and an impermissible storage of data. Personnel planning and development are examples of a prospective processing. Both of these deliberately do not focus on a specific instance, but presume a longer time period and thus take into account not only the expectations of the employer, but also the interests of the employees to avoid 8 According to Art. 7 Privacy Directive, Art. 32 BDSG 9
10 selective and thus often incidental reactions. Attention must be paid here, as there always has to be a connection to a specific employment relationship and the purpose of its processing or future development. In the individual case, it may be necessary to collect information on employees for purposes which do not clearly arise from the employment relationship. In this case, the employee s consent has to be obtained. The consent of the employee must be given in writing, and the person giving the consent must be sufficiently informed on what he is consenting to. He must also be aware of what consequences a refusal of consent would have. The consent must also be given on the basis of a free decision of the employee. This criteria, for example, is not fulfilled if the employee is put under time pressure, if several people are discussing the matter with him, or if he cannot talk to a person he trusts. However the employer is not considered to be putting the employee under pressure if it states that he is likely to be dismissed if he does not give his consent, because the data processing is indispensable for his future job. c. Sensitive Data There are special rules for sensitive data. Unlike normal data, it is not sufficient that the collection serves the purpose of the contractual relationship. Special consent of the individual is therefore required in any case. If the individual does not give his consent, vital interests of the controller or a third person are sufficient reasons to use the data. Sensitive data may also be collected and used if the individual has made the data public, e.g., if he is campaigning for a certain political party. In any event, the individual must be informed regarding the collection, storage, and use of his data. This becomes unnecessary when the individual has already learned of the collection, storage, or use of data or if informing him would be a threat to security. 3. Rights of the Individual The Privacy Directive grants different individual rights: a. Information The individual must be informed about: 9 the identity of the controller, i.e. the for the collection or the processing responsible peron the purposes of the processing for which the data are intended the recipients of the data 9 Art. 10 Privacy Directive 10
11 whether replies to the questions are obligatory or voluntary and the consequences of failure to reply the existence of the right of access and the right to rectify the data concerning him Where the data has not been obtained from the individual the controller must additionally give him information about the categories of data concerned. 10 b. Access At any time the individual has the right to obtain under fair conditions from the controller: 11 confirmation as to whether or not data relating to him are being processed communication of the data undergoing processing and of information as to their source in case of automated decision information about the system s logic c. Rectification If the data processing does not comply with the provisions of the Directive, the individual may request as appropriate the rectification, erasure or blocking as well as - if necessary - the notification of this rectification to third parties. 12 d. Objections Fundamentally, the fact that an individual could refuse to comply with or object to the collection, storage, use, or transfer of data should also be considered. Data protection law provides that the person concerned may object to the collection, storage, use, or transfer of data for uses of promotional purposes or market research. 13 In such case, the collection, storage, use, or transfer of data is not permissible. An objection from an individual may be disregarded if, in exercising an objection, it would prove contrary to the purpose of the employment agreement. The individual concerned was, after all, consciously and willingly involved in the creation of his employment agreement, so he may not simply offhandedly use data processing as an excuse to hinder the fulfilment of the employment agreement. 4. Liability and Sanctions It should be observed that the Privacy Directive guarantees an individual entitlement to compensation for damages caused by inadmissible collection, storage, use, or transfer of his per- 10 Art. 11 Privacy Directive, Art. 33 BDSG 11 Art. 12 (a) Privacy Directive 12 Art. 12 (b), (c) Privacy Directive 13 Art. 14 Privacy Directive 11
12 sonal data. 14 In addition, the Directive ensures the full implementation by obligating Member States to lay down sanctions: In Germany, the Data Privacy Protection Act provides for fines up to 300,000 in the event of certain violations by the employer. If such violations are committed with the intention of financial gain for itself or a third party or with the intention of damaging a third party, the Data Privacy Protection Act also provides for heavy fines or imprisonment for the employer. 5. Applicable law In the international transfer of personal data, two situations must be distinguished: - The transfer to other European Union Member States and - The transfer to third countries outside the EU. The applicability of a European Member State s privacy law depends on where the personal data is collected, stored, or used. The criteria for the applicable law is the establishment of the controller; i.e. the domicile of the responsible person or unit, thus the processing party. Therefore, the domicile of an individual concerned, the location of the server, or the place of the party that collected the data is irrelevant. The same rules apply when exporting data outside the EU. 6. Export of data outside the EU Because European law provides for high data protection standards, the EU identifies the danger of undermining its provisions by the export to other countries and, as a consequence, regulates this export of personal data. The aim is to guarantee under all circumstances an equivalent level of data protection. Very few exceptions are admitted in this point. Examples for data-export are: Transfer of personal data to headquarters for general strategic planning of personal development or individual career planning Transfer of employees data to parent company for global benefit plans such as stock option plans publishing employees data on the Internet or on the company s website to inform customers 14 Art. 23 Privacy Directive 12
13 Transfer and processing of employees or customers data after off-shoring this task to low cost country. Communication of personal data on the phone a. Adequate Protection Level The European Commission has decided that only a small number of countries like Hungary, Switzerland, Canada and Argentina guarantee adequate data privacy protection, with the consequence that the data transfer to these countries is possible under the same conditions as within the European Union. If there is in, the view of European law, no adequate data privacy protection as, for instance, in the U.S. - the transfer of data to third countries is generally forbidden, but permissible under certain conditions: a. The data importer is based in the U.S. and has accepted the U.S. Safe Harbor Principles b. Data exporter and data importer agreed upon the EU standard clauses c. Consent of the person concerned d. Fulfillment of other special conditions b. U.S. Safe Harbor Principles The EU Directive on Data Protection allows the transfer of personal data to non-eu countries only if these provide an adequate level of privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from the EU. Given those differences, many U.S. organizations have expressed uncertainty about the impact of the EU-required adequacy standard on personal data transfer from the European Union to the United States. To diminish this uncertainty and to provide a more predictable framework for the data transfer, the Department of Commerce has issued the Safe Harbor Privacy Principles. Those principles have been recognized by the European Commission as adequate data privacy protection. The decision by U.S. organizations to enter the Safe Harbor is entirely voluntary. Organizations that decide to participate in the Safe Harbor have to comply with the Safe Harbor's requirements and publicly declare that they do so. To be assured of Safe Harbor benefits, an organization needs to self-certify annually to the Department of Commerce in writing, that it agrees to adhere to the Safe Harbor's requirements, which includes elements such as notice, choice, access, and enforcement. It must also state in its published privacy policy statement that it adheres to the Safe Harbor. The Department of Commerce will maintain a list of all 13
14 organizations that file self-certification letters and make both the list and the self-certification letters publicly available. To qualify for the Safe Harbor, an organization can either join a self-regulatory privacy program that fulfills the Safe Harbor's requirements or develop its own self-regulatory privacy policy that conforms to the Safe Harbor. To questions of interpretation and compliance of privacy policies with the Safe Harbor Privacy Principles, U.S. law is applicable. c. EU Standard Contractual Clauses Another way to guarantee sufficient data privacy protection is to conclude a contract between the European organization, the data exporter, and its foreign parent organization, the data importer. The European Commission has adopted a decision setting out standard contractual clauses ensuring adequate safeguards for personal data transferred from the EU to countries outside the Union. 15 This decision obliges Member States to recognize that companies or organizations using such standard clauses in contracts concerning personal data transfers to countries outside the EU offer "adequate protection" to the data. The use of these standard contractual clauses is voluntary, but offers companies and organizations straightforward means of complying with their obligation to ensure "adequate protection" for personal data transferred to countries outside the EU which have not been recognized by the Commission as providing adequate protection for such data. The Commission s decision obliges the EU Member States to recognize the contractual clauses annexed to the decision as providing adequate safeguards. However, the standard contractual clauses are neither compulsory for businesses, nor the only way of lawfully transferring data to third countries. Contractual clauses are not necessary for the transfer of data to U.S. companies adhering to the Safe Harbor Privacy Principles. d. Consent of the Individual As a third way to transfer normal data outside the EU, it is furthermore possible to obtain the consent of the individual concerned. 16 This consent makes other data-protecting clauses unnecessary. Nevertheless, if sensitive data is concerned, the individuals consent is always required, notwithstanding that the company has applied the Safe Harbor Principles or used the standard 15 Decision 2001/497/EC = O.J L 181/19, see Annex for Standard Contractual Clauses; Internet: 16 Art. 4c (1) N 1 BSDG 14
15 contractual clauses. The consent must be in writing and under the conditions as described above. e. Other Possibilities of Data Transfer In several special cases, data may still be transferred to countries whose data protection regime is not adequate. 17 This includes cases in which the transfer outside the EU is necessary for the conclusion or performance of a contract in the interest of the data subjects, cases in which the transfer is required to the protection of important public interests or the defence of legal matters in court. In addition, the data protection authorities may allow such transfers on a case by case basis when they are satisfied and the data enjoys "adequate protection". f. Information about the Data Transfer The data-exporting organization generally has to inform the individual of the data-transfer, 18 and has to declare the purpose of the data transfer to the receiving organization Art. 4c BDSG 18 Art.4b (4) BDSG 19 Art.4b (6) BDSG 15
Binding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationPRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY. Introduction
PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY Introduction The continuous globalization of the world economy influences the international transfer of personal data. The transfer of personal
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationTable of contents: ***
Table of contents: *** In Europe the issue of personal data protection is settled by European Parliament s and European Council s Directive 95/46/WE of October 24, 1995 (which is basis of Polish regulations)
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationThe eighth data protection principle and international data transfers
Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationPRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide
PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG
More informationEU Employment Law Euro Info Centre December 2006
EU Employment Law Euro Info Centre December 2006 CONTENTS EU Employment Law 2 1. Anti-discrimination 2 2 2 2. Equal treatment of men and women in the workplace 3 3 3 3. Fixed and part time work including
More informationData Protection Standard
Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2
More informationWorking Document 1/2009 on pre-trial discovery for cross border civil litigation
ARTICLE 29 DATA PROTECTION WORKING PARTY 00339/09/EN WP 158 Working Document 1/2009 on pre-trial discovery for cross border civil litigation Adopted on 11 February 2009 This Working Party was set up under
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationTHE TRANSFER OF PERSONAL DATA ABROAD
THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationCouncil of the European Union Brussels, 26 June 2015 (OR. en)
Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC
More informationOSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationImproving self-regulation through (law-based) Corporate Data Protection Officials *
Improving self-regulation through (law-based) Corporate Data Protection Officials * Article by Christoph Klug ** The rise of globalization and multinational corporations is creating a pressing need for
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationGermany. Introduction
Germany Germany Introduction The labor law of the Federal Republic of Germany covers all legal rules concerning the relationship between employers and employees and their respective organizations. Traditionally,
More informationCPA Global North America LLC SAFE HARBOR PRIVACY POLICY. Introduction
CPA Global North America LLC SAFE HARBOR PRIVACY POLICY Introduction CPA Global North America LLC ( CPA Global ) is the US affiliate of the world's leading intellectual property (IP) management and IP
More informationAN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA
AN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA By Peter K. Yu Introduction The Internet and new communications technologies have made shopping more convenient than ever. Online
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationThe Duke Conference: Bench-Bar-Academy Distinguished Lawyers Series Protected-Privacy Data Conference
CURRENT APPROACHES TAKEN IN U.S. LITIGATION TO COMPLY WITH POTENTIALLY CONFLICTING U.S. DISCOVERY OBLIGATIONS AND EU AND OTHER FOREIGN DATA PRIVACY STATUTES David W. Ichel, Simpson Thacher & Bartlett Peter
More informationRPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015
RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE EFFECTIVE AS OF: August 12, 2015 This Notice sets forth the principles followed by RPM International Inc.,
More informationOverview of Employment and Employee Privacy Laws and Key Trends in Austria
P a g e 1 Privacy Interviews with Experts August 2011 Toronto / Washington DC / Brussels www.nymity.com Rainer Knyrim Attorney and Partner Preslmayr Attorneys at Law Vienna, Austria Overview of Employment
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationPersonal Data Act (1998:204);
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationLAW FOR PROTECTION OF PERSONAL DATA
LAW FOR PROTECTION OF PERSONAL DATA Prom. SG. 1/4 Jan 2002, amend. SG. 70/10 Aug 2004, amend. SG. 93/19 Oct 2004, amend. SG. 43/20 May 2005, amend. SG. 103/23 Dec 2005, amend. SG. 30/11 Apr 2006, amend.
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive
More informationData Protection in Clinical Studies Implications of the New EU General Data Protection Regulation
June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationUS DISCOVERY PROCEEDINGS: IMPLICATIONS FOR FRENCH BUSINESSES
US DISCOVERY PROCEEDINGS: IMPLICATIONS FOR FRENCH BUSINESSES May 11, 2012 Bijan E. Eghbal, Paris Browning E. Marean, San Diego Carol A.F. Umhoefer, Paris Agenda I. Overview of US discovery and document
More informationDeclaration of Internet Rights Preamble
Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It
More informationINERTIA ETHICS MANUAL
SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible
More informationUnder European law teleradiology is both a health service and an information society service.
ESR statement on the European Commission Staff Working Document on the applicability of the existing EU legal framework to telemedicine services (SWD 2012/413). The European Society of Radiology (ESR)
More informationLegal Aspects of Cloud Computing. Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird)
Legal Aspects of Cloud Computing Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird) Agenda Cloud Computing Overview Role Play on Hot Topics SAAS versus on-premise software licensing
More informationReprinted with permission of the authors and the Association of Corporate Counsel as it originally appeared: Lawrence Ryz and Tracey Stretton, EU
Reprinted with permission of the authors and the Association of Corporate Counsel as it originally appeared: Lawrence Ryz and Tracey Stretton, EU Data Protection Gains A Sword To Go With Its Shield, ACC
More informationTilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen
Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an
More informationTHE INTERNATIONAL CHAMBER OF COMMERCE PROPOSES AN ALTERNATIVE FOR LEGITIMIZING INTERNATIONAL TRANSFERS OF PERSONAL DATA FROM THE EUROPEAN UNION
CLIENT MEMORANDUM THE INTERNATIONAL CHAMBER OF COMMERCE PROPOSES AN ALTERNATIVE FOR LEGITIMIZING INTERNATIONAL TRANSFERS OF PERSONAL DATA FROM THE EUROPEAN UNION The ICC Report analyzes the use of binding
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationGSK Public policy positions
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationFIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION
FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION v 1.3 Supersedes: v 1.2 Summary Owner: Corporate
More informationPROTECTION OF PERSONAL INFORMATION BILL
REPUBLIC OF SOUTH AFRICA PROTECTION OF PERSONAL INFORMATION BILL (As amended by the Portfolio Committee on Justice and Constitutional Development (National Assembly) after consideration of proposed National
More informationCode of Conduct. Code of Conduct, 2009 Version 1.0
Code of Conduct Code of Conduct, 2009 Version 1.0 Contents A. Introduction... 3 B. Application of the Code... 3 C. Basic Rules of Conduct... 4 Avoidance of Conflicts of Interest... 5 Mutual Respect...
More informationSAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014
SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 This Notice sets forth the principles followed by United Technologies Corporation and its operating companies, subsidiaries, divisions
More informationGENERAL TERMS OF PURCHASE of Globe Chemicals GmbH valid for contracts with merchants effective May 1 st, 2005
GENERAL TERMS OF PURCHASE of Globe Chemicals GmbH valid for contracts with merchants effective May 1 st, 2005 1. General 1.1 The terms of purchase set out below are valid for all also future purchases
More information235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationThe reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012
The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions
More informationSouth East Asia: Data Protection Update
Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationAct to Implement Certain Legal Instruments in the Field of International Family Law (International Family Law Procedure Act IFLPA)
Act to Implement Certain Legal Instruments in the Field of International Family Law (International Family Law Procedure Act IFLPA) in the version of the promulgation of 26 January 2005 (Federal Law Gazette
More informationIn force as of 15 March 2005 based on decision by the President of NIB ARBITRATION REGULATIONS
In force as of 15 March 2005 based on decision by the President of NIB ARBITRATION REGULATIONS Contents I. SCOPE OF APPLICATION... 4 1 Purpose of these Regulations... 4 2 Applicability to different staff
More informationUniversity of Liverpool Online Programmes - Privacy Policy for Visitors and Students
University of Liverpool Online Programmes - Privacy Policy for Visitors and Students PLEASE NOTE: The following privacy terms relate to the University of Liverpool s online programmes and not The University
More informationPersonal Data Act (523/1999)
1 NB: Unofficial translation Personal Data Act (523/1999) Chapter 1 General provisions Section 1 Objectives The objectives of this Act are to implement, in the processing of personal data, the protection
More informationBalancing Discovery with EU Data Protection in International Arbitration Proceedings By Karin Retzer and Sherman Kahn
Balancing Discovery with EU Data Protection in International Arbitration Proceedings By Karin Retzer and Sherman Kahn As many organizations facing cross-border litigation know too well, U.S. discovery
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3
COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of
More informationMexico. Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López. Von Wobeser y Sierra, S.C.
Mexico Rodolfo Trampe, Jorge Díaz, José Palomar and Carlos López Market overview 1 What kinds of outsourcing take place in your jurisdiction? In Mexico, a subcontracting regime (understood as the regime
More informationARTICLE 29 - DATA PROTECTION WORKING PARTY
ARTICLE 29 - DATA PROTECTION WORKING PARTY 11639/02/EN WP 74 Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate
More informationA Primer for Data-Protection Principles in the European Union
A Primer for Data-Protection Principles in the European Union Harvey L. Kaplan Mark W. Cowing Gabriel P. Egli Shook, Hardy & Bacon L.L.P. 2555 Grand Boulevard Kansas City, Missouri, USA 64108-2613 (816)
More informationPrivacy Policy documents for
Privacy Policy documents for Praendex Incorporated doing business as PI Worldwide Product User Privacy Policy - For Customers, as well as those invited to our websites to complete a PI Survey or SSAT General
More informationExecutive summary and overview of the national report for Denmark
Executive summary and overview of the national report for Denmark Section I Summary of findings There is no special legislation concerning damages for breach of EC or national competition law in Denmark,
More informationCode of Conduct. Version 3, November 2009 BSCI 2.3-11/09
Code of Conduct Version 3, November 2009 BSCI 2.3-11/09 All rights reserved. No part of this publication may be reproduced, translated, stored in a retrieval system, or transmitted, in any form or by any
More information1. General questions. 2. Personal data protection rights of employees PERSONAL DATA PROTECTION FAQ
PERSONAL DATA PROTECTION FAQ These Frequently Asked Questions are broken down into three parts: Part 1 contains answers to general questions on personal data protection. Part 2 is about employees personal
More informationThe primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.
Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April
More informationon the transfer of personal data from the European Union
on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP
More informationDelegations will find attached a set of Presidency drafting suggestions concerning Articles 1-3 of the above proposal, as well as the Recitals.
COUNCIL OF THE EUROPEAN UNION Brussels, 11 February 2010 6092/10 Interinstitutional File: 2008/0140 (CNS) SOC 75 JAI 108 MI 39 NOTE from : The Presidency to : The Working Party on Social Questions on :
More informationCloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School
DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING
More informationFactsheet on the Right to be
101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against
More informationProposal for a COUNCIL REGULATION (EU) implementing enhanced cooperation in the area of the law applicable to divorce and legal separation
EUROPEAN COMMISSION Proposal for a Brussels, 24.3.2010 COM(2010) 105 final 2010/0067 (CNS) C7-0315/10 COUNCIL REGULATION (EU) implementing enhanced cooperation in the area of the law applicable to divorce
More informationCOMITE MARITIME INTERNATIONAL THE IMPLEMENTATION IN NATIONAL LAW OF MANDATORY INSURANCE PROVISIONS IN INTERNATIONAL CONVENTIONS
Esplanade 6, 20354 Hamburg Telefon: 040/350 97-0 Telefax: 040/350 97 211 E-Mail: Info@Seerecht.de www.seerecht.de COMITE MARITIME INTERNATIONAL THE IMPLEMENTATION IN NATIONAL LAW OF MANDATORY INSURANCE
More informationE-Discovery and EU Data Protection laws
Robert Bond robert.bond@speechlys.com Alexander Carter-Silk alexander.carter-silk@speechlys.com IP, Technology & Data Group E-Discovery and EU Data Protection laws Alex Carter-Silk, Partner, IP, Technology
More informationInformation Technology - Switzerland
Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a
More informationCOMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
EUROPEAN COMMISSION Brussels, 6.11.2015 COM(2015) 566 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the Transfer of Personal Data from the EU to the United States
More informationPrivacy & Data Security: The Future of the US-EU Safe Harbor
Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationIntroduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery
Today s Topics Introduction to Data Privacy & ediscovery General Overview Data Privacy in the United States Data Privacy in Foreign Countries Intersection of Data Privacy & ediscovery Preservation of Data
More informationEUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy
EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice
More informationPROTECTION OF PERSONAL INFORMATION BILL
REPUBLIC OF SOUTH AFRICA PROTECTION OF PERSONAL INFORMATION BILL (As introduced in the National Assembly (proposed section 7); explanatory summary of Bill published in Government Gazette No. 3249 of 14
More informationApplication of Data Protection Concepts to Cloud Computing
Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective
More informationData Protection, Software Licenses and other Legal Issues in the Cloud
Data Protection, Software Licenses and other Legal Issues in the Cloud Dr. Hendrik Schöttle Rechtsanwalt, Fachanwalt für IT-Recht OSDC 2012, Nuremberg 26. April 2012 Overview Introduction Data Protection
More informationInternational Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States
International Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States Presentation to: Ninth Annual Pharmaceutical Regulatory and Compliance
More informationMaking a cross border claim in the EU
Making a cross border claim in the EU serving the community through the administration of justice Using the European Order for Payment procedure or the European Small Claims procedure Version: 2.0 Date
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationPRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
More informationSummary of Data Protection Requirements When transferring Data Outside the UK End Users
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
More informationFederal Criminal Court
No person... shall be compelled in any criminal case to be a witness against himself nor be deprived of life, liberty or property without due process of law. Amendment V. Defendant may not be compelled
More information