Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield

Publikation: Bidrag til tidsskriftTidsskriftartikelForskningfagfællebedømt

Standard

Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield. / Corrales Compagnucci, Marcelo; Minssen, Timo; Seitz, Claudia; Aboy, Mateo.

I: European Pharmaceutical Law Review, Bind 4, Nr. 3, 12.11.2020, s. 153-160.

Publikation: Bidrag til tidsskriftTidsskriftartikelForskningfagfællebedømt

Harvard

Corrales Compagnucci, M, Minssen, T, Seitz, C & Aboy, M 2020, 'Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield', European Pharmaceutical Law Review, bind 4, nr. 3, s. 153-160.

APA

Corrales Compagnucci, M., Minssen, T., Seitz, C., & Aboy, M. (2020). Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield. European Pharmaceutical Law Review, 4(3), 153-160.

Vancouver

Corrales Compagnucci M, Minssen T, Seitz C, Aboy M. Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield. European Pharmaceutical Law Review. 2020 nov 12;4(3):153-160.

Author

Corrales Compagnucci, Marcelo ; Minssen, Timo ; Seitz, Claudia ; Aboy, Mateo. / Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield. I: European Pharmaceutical Law Review. 2020 ; Bind 4, Nr. 3. s. 153-160.

Bibtex

@article{62f93cd3b7c846b884b1ab3be60095c2,
title = "Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield",
abstract = "This article analyzes the impact and associated legal challenges of cross-border data transfers in the pharmaceutical sector after the recent Court of Justice of the European Union (CJEU) decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Schrems II). In Schrems II, the CJEU invalidated Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield Framework. That said, the Court also found that the European Commission Decision 2010/87 on standard contractual clauses (SCCs) for the transfer of personal data to processors established in third countries is still valid. The ruling has resulted in significant uncertainty and liability risks for organizations that depend on EU-US cross-border transfers of personal data such as pharmaceutical companies (data controllers) engaged in global clinical trials and their technology providers for endpoint collection and data transfer (processors). In light of these challenges, this paper discusses the need for sustainable practices and a legally sound regulatory environment for data transfer. To mitigate risks and uncertainties, we stress the need for updated SCCs guidelines and argue inter alia for the adoption of contractual frameworks which incorporate SCCs with a robust information security management system (ISMS) and a privacy information management system (PIMS) to ensure an appropriate level of data protection.",
keywords = "Faculty of Law, medical data, international transfer, privacy, GDPR",
author = "{Corrales Compagnucci}, Marcelo and Timo Minssen and Claudia Seitz and Mateo Aboy",
year = "2020",
month = "11",
day = "12",
language = "English",
volume = "4",
pages = "153--160",
journal = "European Pharmaceutical Law Review",
issn = "2511-7157",
publisher = "Lexxion",
number = "3",

}

RIS

TY - JOUR

T1 - Lost on the High Seas without a Safe Harbor or a Shield? Navigating Cross-Border Data Transfers in the Pharmaceutical Sector After Schrems II Invalidation of the EU-US Privacy Shield

AU - Corrales Compagnucci, Marcelo

AU - Minssen, Timo

AU - Seitz, Claudia

AU - Aboy, Mateo

PY - 2020/11/12

Y1 - 2020/11/12

N2 - This article analyzes the impact and associated legal challenges of cross-border data transfers in the pharmaceutical sector after the recent Court of Justice of the European Union (CJEU) decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Schrems II). In Schrems II, the CJEU invalidated Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield Framework. That said, the Court also found that the European Commission Decision 2010/87 on standard contractual clauses (SCCs) for the transfer of personal data to processors established in third countries is still valid. The ruling has resulted in significant uncertainty and liability risks for organizations that depend on EU-US cross-border transfers of personal data such as pharmaceutical companies (data controllers) engaged in global clinical trials and their technology providers for endpoint collection and data transfer (processors). In light of these challenges, this paper discusses the need for sustainable practices and a legally sound regulatory environment for data transfer. To mitigate risks and uncertainties, we stress the need for updated SCCs guidelines and argue inter alia for the adoption of contractual frameworks which incorporate SCCs with a robust information security management system (ISMS) and a privacy information management system (PIMS) to ensure an appropriate level of data protection.

AB - This article analyzes the impact and associated legal challenges of cross-border data transfers in the pharmaceutical sector after the recent Court of Justice of the European Union (CJEU) decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Schrems II). In Schrems II, the CJEU invalidated Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield Framework. That said, the Court also found that the European Commission Decision 2010/87 on standard contractual clauses (SCCs) for the transfer of personal data to processors established in third countries is still valid. The ruling has resulted in significant uncertainty and liability risks for organizations that depend on EU-US cross-border transfers of personal data such as pharmaceutical companies (data controllers) engaged in global clinical trials and their technology providers for endpoint collection and data transfer (processors). In light of these challenges, this paper discusses the need for sustainable practices and a legally sound regulatory environment for data transfer. To mitigate risks and uncertainties, we stress the need for updated SCCs guidelines and argue inter alia for the adoption of contractual frameworks which incorporate SCCs with a robust information security management system (ISMS) and a privacy information management system (PIMS) to ensure an appropriate level of data protection.

KW - Faculty of Law

KW - medical data

KW - international transfer

KW - privacy

KW - GDPR

M3 - Journal article

VL - 4

SP - 153

EP - 160

JO - European Pharmaceutical Law Review

JF - European Pharmaceutical Law Review

SN - 2511-7157

IS - 3

ER -

ID: 245681540