Compliance & EthicsProfessional

®

a publication of the society of corporate compliance and ethics www.corporatecompliance.org

March

2017

51Behavioral

ethics: From nudges to

normsScott Killingsworth

45 Product integrity: Some compliance principles

for engineering organizations

Laurie Burgett

29 11 tips for engaging

middle managers on complianceCraig Thomas and Monica Locklear

39Five tactics to

dramatically improve your Code of Conduct

Kirsten Liston and Meghan Daniels

Meet Ryan Meade

Director, Center for Compliance Studies

Loyola University Chicago School of Law

See page 16

This article, published in Compliance & Ethics Professional, appears here with permission from the Society of Corporate Compliance & Ethics. Call SCCE at +1 952 933 4977 or 888 277 4977 with reprint requests.

+1 952 933 4977 or 888 277 4977 www.corporatecompliance.org 27

Com

pli

ance

& E

thic

s P

rofe

ssio

nal

®

Feb

ruar

y 20

17

Compliance & Ethics Institute

The Society of Corporate Compliance & Ethics 16th Annual

October 15-18, 2017 · Caesars Palace

Early BirdRegister by June 5 to Save up to

$575

Learn more and register at complianceethicsinstitute.org

Join us in Las Vegas! 1700+ ATTENDEES

8 LEARNING TRACKS

150+ SPEAKERS

100+ SESSIONS

AGENDA NOW AVAILABLE

Since the fall of the Safe Harbor regime in October 2015, and notwithstanding Privacy Shield, we have seen a rise in

the popularity of the EU Standard Contractual Clauses (SCCs). Presenting clients with Data

Processing Agreements alongside SCCs has become standard practice for major US-based service providers.

But the SCCs are now under threat in the European Court of Justice (CJEU) and challenged by the same arguments that brought down Safe Harbor.

The legal challengeTo explain the background to the legal challenge of the SCCs, the European Charter of Fundamental Rights (Charter) gives individuals certain rights, such as the rights to:

· respect for private life and family life, home, and communications under Article 7;

· the protection of personal data under Article 8; and

· an effective remedy for violation of Charter rights under Article 47.

Safe Harbor was brought down by the argument that there was significant over-reach of indiscriminate state surveillance practices in the U.S. without appropriate safeguards. Such practices were inconsistent with Articles 7, 8, and 47 of the Charter, and the U.S. was held not to provide adequate protection of the personal data of EU citizens. The same arguments form the basis of the complaint against the SCCs. The SCCs are a contract

that guarantees adequate safeguards for EU citizens’ personal data in any country.

What can we expect next? Depending on what the courts decide, we might see the following changes to the SCCs:

· more detailed contractual provisions about EU citizens’ rights and recourse mechanisms;

· rights directly enforceable by EU citizens; · submission of the non-EEA data importer

to the jurisdiction by EU authorities; · mandatory notification of SCCs and

register of data importers; · mandatory use of encryption for data

in transit; · a list of countries which are deemed

by the Commission as not providing adequate protection due to excessive surveillance; and

· bilateral treaties in relation to the safeguarding of EU citizens’ personal data with third countries. ✵

Robert Bond (robert.bond@bristows.com) Partner & Notary Public, Bristows LLP in London, UK.

by Robert Bond, CCEP

Will the EU Model Clause survive?

EU COMPLIANCE AND REGULATION

Bond

Safe Harbor was brought down by the argument that there was significant over-

reach of indiscriminate state surveillance practices in the

U.S. without appropriate safeguards.