Drafting Agreements With Vendors and Other Data Recipients: Complying With U.S. State Consumer Privacy and GDPR Requirements
Recording of a 90-minute CLE video webinar with Q&A
This CLE webinar will guide business and technology counsel on drafting and updating technology vendor and other data transfer agreements to meet the privacy requirements of the California Consumer Privacy Act (CCPA) (as amended by the California Privacy Rights Act (CPRA)) and consumer privacy laws in other U.S. states, as well as under the UK and EU General Data Protection Regulation (GDPR). The panel will discuss the evolving privacy landscape and the differences between the U.S. and European approaches and tactics for multi-jurisdictional technology vendor and data transfer agreements, including those involving cross-border transfers.
Outline
- Overview of GDPR
- Overview Of CCPA/ CPRA
- Overview of Privacy Laws in other U.S. states
- Cross-border transfers
- UK/EU
- SCCs and TRA/TIAs
- DPF and onward transfers
- US
- Focus on China
- UK/EU
- Performing due diligence on existing vendor and transfer arrangements
- Understanding roles and limitations
- UK/EU controller and processor distinctions
- US
- service provider / contractor / processor / third-party
- business / controller
- sale / share
- Drafting new vendor contracts or amending existing contracts: language to include
- Tips for implementing an effective vendor and data transfer risk management program
Benefits
The panel will review these and other relevant topics:
- Which is better for you, SCCs, DPF or both?
- When is a company caught up under the new US data export restrictions?
- What can a processor do in the US but not do under GDPR?
- What does California require for sales and sharing for cross-context behavioral advertising?
- How do data minimization, purpose limitation and retention restrictions impact vendor and other data transfer arrangements?
- What are the implications of, and exceptions to, sale and share and how does GDPR condition such transfers under its regime (i.e., lawful basis)?
- What are the California service provider / contractor safe harbors and how to maintain them?
- How to address data integrity, security and incident response?
- How to consider vendor use of AI and use of company data to train AI?
- Ways to streamline the diligence and contracting process.
Faculty
Malcolm Dowden
Senior Practice Development Lawyer
Pinsent Masons
Mr. Dowden is an experienced lawyer, and also an internationally accredited legal training provider focusing on... | Read More
Mr. Dowden is an experienced lawyer, and also an internationally accredited legal training provider focusing on commercial law and technology, with particular expertise in data protection and privacy, including international transfers of data under GDPR and UK GDPR. He has advised on privacy, data protection, electronic communications and cybersecurity issues relating to international transfers of personal data, targeted and behavioural advertising, connected and autonomous vehicles and infrastructure projects. Mr. Dowden is also an internationally accredited legal training provider with extensive experience of designing and running cyber incident simulations and breach response training, contractual drafting and negotiation courses and courses on the legal, regulatory and ethical issues affecting the development and deployment of Artificial Intelligence (AI).
CloseAlan L. Friel
Partner
Squire Patton Boggs
Mr. Friel is co-Chair of the firm’s Global Data Privacy, Cybersecurity & Digital Assets Practice. BTI has... | Read More
Mr. Friel is co-Chair of the firm’s Global Data Privacy, Cybersecurity & Digital Assets Practice. BTI has named Alan to its Client Service All-Stars List, recognizing attorneys who stand above all the others in delivering the absolute best in client service. Prior to joining Squire Patton, he was a partner at another AmLaw 100 law firm, where he led the US Consumer Privacy practice (in which he counseled clients on compliance with the California Consumer Privacy Act (CCPA) and other data privacy regimes), and the retail, restaurant, and e-commerce industry initiative. Previously, he was Chair of the Global Technology, Media and Telcom (TMT) practice of another AmLaw 100 firm.
Close