亚洲日本免费-啊轻点灬太粗太长了三男一女-麻豆av电影在线观看-日韩一级片毛片|www.grbbt.com

編者按：

在不久的將來，歐盟委員會將就期待已久的標(biāo)準(zhǔn)合同條款（SCCs）模塊進行磋商，該模塊適用于向直接受 GDPR 管轄的第三國控制者和處理者進行的數(shù)據(jù)傳輸。這一舉措對于解決跨境數(shù)據(jù)傳輸?shù)膹?fù)雜性。

The Commission has already issued 4 modules of SCCs covering various transfer scenarios. However, a key issue has emerged: if a data importer is located outside the EEA but directly subject to GDPR, should SCCs still be required? It has been argued that if the importer is already bound by GDPR, SCCs might cause an inefficient duplication of obligations, potentially creating confusion for businesses trying to comply with overlapping legal requirements.

到目前為止，歐盟委員會已經(jīng)發(fā)布了 4 個 SCC 模塊，涵蓋各種轉(zhuǎn)移情況。【見數(shù)據(jù)跨境流動 | 歐盟新版標(biāo)準(zhǔn)合同條款（最終版）全文翻譯】然而，一個關(guān)鍵問題出現(xiàn)了：如果數(shù)據(jù)進口商位于歐洲經(jīng)濟區(qū)之外，但直接受 GDPR 約束，是否仍然需要 SCC？有觀點認(rèn)為，如果數(shù)據(jù)進口者已經(jīng)受 GDPR 約束，SCC 可能會導(dǎo)致義務(wù)重復(fù)，效率低下，可能會給試圖遵守重疊法律要求的企業(yè)造成混亂。

While there are unofficial indications from the Commission that SCCs may not be necessary for these scenarios, this is not yet a formal position. The European Data Protection Board (EDPB), however, has taken a much clearer stance. Accordingly, it has concluded that SCCs should indeed be required, even when the importer is subject to GDPR, as they address potential contradictions between foreign laws and EU regulations.

雖然歐盟委員會有非官方跡象表明，在這些情況下可能不需要SCC，但這還不是一個正式的立場。不過，歐洲數(shù)據(jù)保護委員會（EDPB）的立場要明確得多。因此，它得出結(jié)論認(rèn)為，即使進口商受 GDPR 的約束，也確實需要 SCC，因為它們可以解決外國法律與歐盟法規(guī)之間的潛在矛盾。【具體見EDPB《關(guān)于GDPR第3條的適用與第五章的國際轉(zhuǎn)移規(guī)定之間的相互作用的05/2021準(zhǔn)則》2.0版本-中文翻譯】

Why is this important? 為什么這很重要？

This debate is not just theoretical but is already playing out in practice. Specifically, the recent Uber 290 million euros fine in the Netherlands highlighted the confusion around this issue. Uber argued that no SCCs were required for data transfers to its US operations because Uber Technologies Inc., as a joint controller with Uber B.V., was already subject to GDPR requirements. However, the Dutch Data Protection Authority (DPA) (Autoriteit Persoonsgegevens) rejected this argument, emphasizing that even importers under GDPR obligations could be subject to foreign laws that conflict with EU standards, reinforcing the need for SCCs in such scenarios.

這種爭論不僅是理論上的，而且已經(jīng)在實踐中上演。具體來說，最近 Uber 在荷蘭被罰款 2.9 億歐元的事件就凸顯了圍繞這一問題的混亂。Uber 辯稱，向其美國業(yè)務(wù)轉(zhuǎn)移數(shù)據(jù)不需要 SCC，因為 Uber Technologies Inc. 作為 Uber B.V. 的聯(lián)合控制方，已經(jīng)受 GDPR 要求的約束。但是，荷蘭數(shù)據(jù)保護局（DPA?）（Autoriteit Persoonsgegevens）駁回了這一論點，強調(diào)即使是承擔(dān) GDPR 義務(wù)的進口商也可能受制于與歐盟標(biāo)準(zhǔn)相沖突的外國法律，從而加強了在這種情況下簽訂 SCC 的必要性。

The new SCC module aims to resolve this confusion by clearly outlining the obligations for third-country importers directly subject to GDPR. It will help ensure consistent compliance while avoiding the unnecessary duplication of requirements that could burden businesses.

新的 SCC 模塊旨在通過明確概述直接受 GDPR 管轄的第三國進口商的義務(wù)來解決這一困惑。這將有助于確保一致性合規(guī)，同時避免不必要的重復(fù)要求，以免給企業(yè)造成負擔(dān)。

What’s next?

• Public consultation: Planned for Q4 2024.公眾咨詢：計劃于 2024 年第四季度進行。
• Draft adoption: Expected in Q2 2025.通過草案：預(yù)計 2025 年第二季度。

聲明：本文來自網(wǎng)安尋路人，稿件和圖片版權(quán)均歸原作者所有。所涉觀點不代表東方安全立場，轉(zhuǎn)載目的在于傳遞更多信息。如有侵權(quán)，請聯(lián)系rhliu@skdlabs.com，我們將及時按原作者或權(quán)利人的意愿予以更正。