oneDPA v0 documents

oneDPA phase 2 has officially begun! ๐ŸŽ‰

Following the end of the initial consultation phase, we counted your votes, collated them, and incorporated your chosen principles within the oneDPA v0 documents. You can now find these documents attached to this post.

The oneDPA v0 documents comprise:

  • oneDPA v0
  • Module 1
  • Module 2
  • Module 3
  • IDT Agreement
  • IDT Addendum

We have also included a Data Export Flow Chart.

What happens now?

In this second phase of the oneDPA consultation, please review the drafting and provide us with comments on whether you agree with the way the principles have been expressed, if you see any gaps that you think we need to address to increase adoption and if there are any parts that you find unclear or confusing.

How do you submit feedback?

Please create a separate post here with your comments. Click "Submit feedback" in the right sidebar to create a new post. Feel free to mark up the documents and attach them within the post.

How long is this feedback round?

Please submit all feedback by 18 May 2022.

What happens after this phase?

Weโ€™ll collate your comments, iterate, send the revised documents to our SteerCo to begin the adoption process and flag any issues they come across so we can address them. v1 of oneDPA will then be issued on the 27 May so you can adopt it.

Any questions?

Just leave a comment on this post or drop @kaveesha a direct message.

5replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
    • Marco Mendola
    • Legal Innovation Superhero
    • Marco_Mendola
    • 1 yr ago
    • Reported - view

    Back to you soon with feedback  :)

    Like 2
    • Marco Mendola great thanks Marco!

    • Jamie Fraser
    • CEO & Founder
    • Jamie_Fraser
    • 1 yr ago
    • Reported - view

    Wait, what, all this resource is FREE?...

    Like 2
    • Jamie Fraser That's right! Open source movement for law in the making right here! 

      Like 4
  • Dear Claustack team,

    I'm not an expert in this area, so please disregard my comments if ill-informed but these are just some quick thoughts I had on reading the main (vO oneDPA) document this evening - 

    1. The relationship and roles may be a bit clunky and error-prone to use if they have to be re-chosen multiple times throughout a Word doc. To avoid this, will you be publishing a separate template for each of the three relationship types (Controller-Processor, etc)?

    2. The variables from 'Main Agreement' to 'Governing Law....' might be more readable for the non-specialist reader with an annotation cross-referring to the clause in which they're used.

    3. Maybe adopt a version of the arbitration as well as litigation language from oneNDA to accommodate those who prefer arbitration?

    4. Data Protection Laws - how about tick boxes instead of the current text? Alternatively, and I'm not a data protection law expert, is this sort of thing really worth making a 'variable' - as the listed jurisdictions are just examples anyway, i.e. the laws apply if they apply, regardless of what the parties agree.

    5. In the four rows of free text defined terms from Services relating to Processing to Data subjects, it woud be great to have some default choices which can be ticked / deleted, even if there's a free text option for those who want it.

    6. 'Special provisions' - worth giving some examples of the use cases for this?

    7. Transfer Mechanism - format in tick box style with some instructions?

    8. Term 1.3 - on a quick read, I couldn't figure out the contractual significance of the choice offered here, as the terms 'Business' and 'Service Provider' don't seem to be used in the substantive terms of the document. (Maybe it's cross-referred to from the other documents, I haven't checked).

    9. Term 2.3 - what's the legal significance of the additional words emphasising that this is a 'warranty' - as opposed to just saying that the parties will comply?

    10. Term 3.3 - I imagine that the words 'within' the period would probably be read by an ordinary person to signify that the notification must be given within X days after making the change. But I suspect the intention may in fact be to require at least X days' prior notice to be given. Worth re-phrasing?

    11. Term 5.2 - Rather than asking the parties to delete this clause if inapplicable, it might be cleaner to rephrase to something like "If a Liability Cap is specified in the Variables table...." - and modify the Variables table language accordingly. That way, the standard terms can be kept intact and only the variables need be changed.

    12. Term 5.11 - see the arbitration point mentioned in 3 above.

    13. Annex 1 - I'd find a list of common ones (the sort of things found in security DDQs) which people can tick if applicable really helpful, plus a freeform option for adding others. This could be iterated over time.

    14. Annex 2 - a standardised table with relevant headings (e.g. name, data processed, URL) might be helpful rather than leaving this completely freeform.

    I hope that's helpful.

Like8 Follow
  • 1 yr agoLast active
  • 5Replies
  • 488Views
  • 11 Following
© 2023 The Law Boutique Limited. The Law Boutique Limited is registered in the United Kingdom under No. 09509112 with a registered business address at Unit 11.3.2 The Leather Market, Weston Street, London, SE1 3ER UK.