Earlier today, the Article 29 Working Party published new guidance on data processor BCRs, the significance of which “cannot be overstated,” writes Phil Lee, CIPP/E, for Privacy and Information Law Blog. That’s because the updated document offers guidance on how processor BCR companies should respond to government requests for access to data, Lee writes, a topic of great contention in Europe since the Snowden revelations. It puts companies in a catch-22, because it suggests companies receiving a government request for data put the request on hold and share with the relevant European DPA—something which may not be possible under foreign legal requirements. Editor’s Note: Angelique Carson, CIPP/US, recently wrote about First Data, the first company to win approval from the ICO for both controller and processor BCRs.
If you want to comment on this post, you need to login.