Last updated: 
1 week 2 days ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Data exports: update in 2017

Friday, July 29, 2016 - 16:02

The latest announcement from the Article 29 Working Party on the US-EU Privacy Shield also suggests that there shouldn't be any short-term surprises for those using the other justifications for exporting personal data to the USA. The European Court judgment that invalidated the Safe Harbor agreement in 2015 was concerned, among other things, with the level of US state access to EU citizens' personal data. The Working Party noted that those concerns applied equally to other forms of transfer to the US, including Binding Corporate Rules (BCRs) and Standard Contractual Clauses (SCCs), and planned to comment on those in January 2016.

That commentary never appeared. Instead, as part of the Privacy Shield agreement, the US government has undertaken to limit its access and provide more opportunities for Europeans to obtain remedies. The Working Party has now said that it will review those undertakings in a year's time, and report on their effect on all export mechanisms, not just the Privacy Shield.

Until then, it appears that the UK Information Commissioner's assurance in February stands: that "organisations can continue to use other tools such as SCCs and BCRs for transfers to the USA" in compliance with UK law.