Intellectual Property Lawyers l Digital Media Solicitors
Specialist Intellectual Property and Digital Media Legal Advice

Blog For Empowering Creatives: IP and Digital Media Lawyers Insights

PAIL Solicitors IP and Digital Media Blog

Our Blog

.

When I think of Frank Sinatra's "My Way," I see a connection to the main ideas behind intellectual property law. "My Way" embodies personal expression and an individual's journey through life, which parallels the concept of the ideas-expressions dichotomy in copyright law. It echoes the principle that music, literature, or art can be copyrighted while allowing others to explore the same ideas without infringing upon that particular expression. Sinatra's anthem also celebrates uniqueness, which is reflected in the definitions of all of the varying types of intellectual property.

The Purpose of This Blog

The articles on this blog are all written, reviewed, and edited by me, Mr Peter Adediran, the Digital Media and Intellectual Property Solicitor at PAIL Solicitors. They are intended to empower the new generation of business executives, professionals, business owners and creatives who want to keep up with intellectual property, digital media and entertainment law in the digital age. Most importantly, empower the community of creatives who want to create works "their way". In today's rapidly evolving digital landscape, staying informed and increasing knowledge in specialised legal services is crucial for e-commerce and digital technology businesses. At PAIL® Solicitors, we understand the unique challenges start-ups, business owners, professionals, business executives, creatives, writers and talent face in protecting their intellectual property and navigating legal complexities. By reading this blog and engaging us as your legal representatives you can safeguard yours and your company's reputations, make informed financial decisions, and confidently expand into new markets by focusing on continuous learning and expertise in these areas.

This blog contains articles on the following themes:

  • Advice on Protecting Digital Content

Encouragement to Stay Informed and Protected

For creatives and businesses alike, staying informed about legal issues surrounding intellectual property is critical. Knowledge is a powerful tool for safeguarding one’s work from infringement or misuse. We encourage individuals to engage with our resources, participate in discussions, and keep abreast of developments in IP law. 

United States Data Transfers

 

United States Data Transfers

United States data transfers as well as other transfers of personal data outside of the EEA are tightly controlled, our focus is on transfers to US cloud servers.

At the moment managers responsible for information security and data protection throughout the European Economic Area including the UK are looking at how to solve a new challenge regarding privacy. This is due to the judgment of the Court of Justice of the European Union (ECJ) in case C-362/14 of Maximillian Schrems v Data Protection Commissioner handed down on the 06th October 2015.

UK companies, **actually it applies to all companies within the EEA, suddenly find that they have to review their use of US clouds to store personal data as it could be illegal.

Maximillian Schrems v Data Protection Commissioner
In a nutshell , the ECJ ruled that the European Commission’s approval fifteen years ago of the Safe Harbour framework developed between the US Department of Commerce and the European Commission allowing US companies to comply with the EU Data protection Directive (95/46/EC) is invalid. According to the ECJ the data Protection Directive provides that international transfer of personal data outside the EEA to a third country must provide an adequate level of protection. The ECJ decided that the US did not provide such protection for a number of specific reasons including that the EU citizen’s personal data was not always being used for the purposes for which it was originally collected. Mr Schrems was able to successfully challenge Facebook’s transfer of his personal data to servers located in the United Sates. Facebook’s reliance on the Safe Harbour Scheme was rejected.

So to simply have a clause that reads as follows is no longer valid following the ruling (**companies will have some time to comply with the new ruling):

” [ ] shall comply with the appropriate safe harbour provisions regarding entering into any required data transfer agreements.”

Where is the data being stored?
The most important question to ask is where is the data being processed or stored? If it’s in the United States the solution is to move down the path of EU model clauses.

**Who is likely to be affected by United States data transfers?
Any business that provides a technology based product such as a web application (web app) or a mobile application (mobile app) basically a client-server software application which runs on a web browser or a mobile operating platform such as IOS or Android or other type of software to multinational companies or is likely to collect or process data outside of the EEA is likely to be affected.

What can we do abut United States data transfers?
Companies need to create data processing agreements that contain model clauses which would be sent out with their standard contracts, and to understand their responsibilities so that they can highlight any necessary changes internally. In other words, the following is needed: (1) **A model international data transfer controller to controller agreement which includes transfers outside the EEA that is compliant with the new ruling; and (2) **model contractual clauses for the international data transfer controller to processor agreement which includes transfers outside the EEA including the US.

**You will need both types of agreements if you are storing data in the cloud in the US. The latter will require two types of clauses, firstly, controller to controller clauses – where you are passing data to a US company that is managing the data independently, or your client is outside the EEA; secondly, controller to processor clauses – where you are transferring the data to a US company that is processing the data on your behalf.

What are the EU Model Clauses?
(*The European Commission is authorised to make findings that certain standard contractual clauses offer sufficient safeguards under Article 26(4). These are : i. Controller to Controller Model Contractual clauses 2001 – ii. Controller to Controller Model Contractual clauses 2004 – iii. Controller to Processor Model Contractual clauses 2010 (the “EU Models”). Other than the EU Models there is no model as yet produced by the UK Information Commissioner, or any other European regulatory body, that will be EU compliant *to replace Safe Harbor.

**What are the challenges with the EU Models?
A few of the challenges you face with respect to the EU model clauses are:

1. Exposure to full liability of a security breach with compensation which is un-capped.
2. Allowing access to data processing facilities.
3. Getting written consent from clients to change or introduce sub-processors.
4. Provide sub-processing agreements to clients.
5. That data subjects are allowed to bring a claim against them in the event that they can’t bring a claim against the client.

**Action
It is advisable to seek specialist advice to understand the extent of your risk exposure when using the EU Model clauses.

If you like this article on US data transfers then you might like our articles on:

Data processing agreements


To obtain a quotation, please contact us at (020) 7305-7491 or at peter@pailsolicitors.co.uk. We would be delighted to assist you. Mr Peter Adediran is the owner and principal solicitor at PAIL® Solicitors.  Subscribe to our newsletter to get blog post updates and other information about the firm straight to your inbox.

Meet The Team: Peter Adediran; Maya El Husseini; Gabrielle Felix; Poppy Harston

*These amendments were added to this article on the 12/11/2015 at 12:15 GMT
**These amendments were added to this article on the 20/11/2015 at 12:15 GMT