1

suggestion to use more intra-document references

The documents look good. Great work!

Currently there is a lot of adjustment necessary, e.g. as the parties called by their roles throughout the Ts&Cs part.. just referencing them as party 1/2 (as in oneNDA v2) might make this considerably easier; also all the annexes could just reference the info provided in the DPA.

Also, even though I prefer not to ask for approval of additional subprocessors (especially in our daily business), it might make sense to add the option that additional subprocessors need to be approved.

also, I don't think we need to add the full text of the EU SCC to the respective modules.

I added the files including my comments/suggestions.

Btw, why is there no module 4 annex?

3replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Thank you so much for taking the time to provide your input Michael  - we'll take your feedback on board. 

    Good question on why Module 4 isn't there. Our rationale is that because this is so situation-specific and not a standard type of transfer, it's likely the parties would have to negotiate the terms of their DPA to fit the particular risk level and type of processing happening and so oneDPA wouldn't be entirely appropriate. Keen to hear your thoughts though, do you agree? 

    Re not adding the full text of the SCCs, how do you suggest we incorporate them? By reference? If so, would that not be problematic in certain jurisdictions? Also, the ICO has not provided guidance on this point so wouldn't the safest approach not be to include it in its entirety? 

    Like
      • Electra JaponasModerator
      • Co-founder of Claustack and oneNDA, Founder of TLB
      • Electra_Japonas
      • 6 mths ago
      • Reported - view

      Katie Moon FYI

      Like 1
  • Electra Japonas : I'd definitely agree that Module 4 is the least relevant. But I'm not sure if the situation is so special that in any case there will be individual agreements..  Also, here the EU entity would be the processor only acting on behalf of the non-EU entity. I would consider the risk level for the EU entity lower under Module 4 than under the other modules.

    Regarding EU SCC: I would only include a reference to the commission decision. This is basically like a reference to a specific law - which you also would not cite. At least in Germany (which usually treats business likes babies/consumers) this would work... and that is usually a good sign that it works in other jurisdictions, too ;)  We are using this approach in our daily practice and did not get any pushback yet. 

    Or with regard to which jurisdiction would you have concerns?

    Like
Like1 Follow
  • 1 Likes
  • 6 mths agoLast active
  • 3Replies
  • 28Views
  • 2 Following
© 2022 The Law Boutique Limited. The Law Boutique Limited is registered in the United Kingdom under No. 09509112 with a registered business address at Unit 11.3.2 The Leather Market, Weston Street, London, SE1 3ER UK.