Data Transfers/Safe Harbor/Privacy Shield
Subscribe to Data Transfers/Safe Harbor/Privacy Shield's Posts

Safe Harbor: Still Alive, Well and Producing Corporate-Wide Privacy Management Programs

More than 4,000 U.S.-based multinational companies have selected the U.S. – E.U. Safe Harbor Program as the preferred compliance mechanism for international data transfers from the E.U. to the U.S.  Recent transatlantic surveillance politics between the European Union and the United States have, however, focused a controversial spotlight on the Safe Harbor Program.  In the world of international personal data transfer regulation, the Safe Harbor Program has become a cause célèbre in the E.U.-U.S. trade discussions and in political commentary by E.U. data protection regulators.  Despite the political wrangling, European data protection officials are unlikely to eliminate the benefits of the Safe Harbor Program without offering an alternative program that recognizes the work of companies in implementing E.U.-compliant data protection programs.

For more information on this subject, see “EU Privacy Safe Harbor Still Alive and Well, With Implications for Enterprise Risk Management,” written by Ann Killilea and published by Thomson Reuters Practical International Corporate Finance Strategies, November 15, 2013.




read more

Italian Data Protection Authority Releases New Guidelines and Requirements for Customer Call Centres Based Outside the European Union

New legal requirements have been introduced as part of the Italian Data Protection Authority (IDPA) guidelines on the processing of personal data by call centers based outside the European Union.

One of the most significant changes is that companies wishing to operate their customer care services via call centres based outside the European Union will now be required to notify the IDPA in advance.

The new guidelines have been put in place in order to establish specific rules to manage the use of call centers, which have become increasingly popular with companies in the past few years, primarily because of their perceived efficiency and cost-savings advantages.

Many companies have adopted the call center approach for their customer service operations, which necessitates the transfer, processing and storage of personal data.  When the call centre is based, and its operations are carried out, outside the European Union, there is an increased risk to the security of this data.

For this reason, the guidelines require that the Data Controller, i.e., the company based in Italy that is operating its customer services through a call centre outside Italy,

  • Adopts at least one of the mandatory approaches to legally transferring personal data outside the European Union, e.g., Safe Harbor, Standard EU Commission Clauses or binding corporate rules
  • Implements specific security measures to prevent the risk of loss, theft or unlawful processing of personal data.

The guidelines outline specific structures and features for customer services management systems and provide detailed precautions to be applied to communications equipment used by call centre personnel.

Once the guidelines have been published in the Italian Official Gazette, any company wishing to locate its customer care or call centre services outside Italy will be required to file a notification with the IDPA.  The IDPA might prescribe specific requirements with which the company will have to comply in order to obtain permission, or give recommendations aimed at ensuring ongoing compliance.  There will be a specific procedure and paperwork for applying for permission and complying with the IDPA’s requirements.

Companies that already operate customer services through call centres based outside the European Union will be required to notify the IDPA within 30 days of the publication of the guidelines in the Italian Official Gazette.




read more

STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law