Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
- Home
- Practices and Industries
- Regulatory and Public Policy
- Data Privacy and Cybersecurity
- Cross Border Transfers
Covington has extensive experience assisting with cross-border transfer issues, including advising on binding corporate rules (BCRs) and on the “Safe Harbor” regime for data transfers from the EU to the U.S. In the past few years alone, we have assisted a number of clients in preparing their BCR submissions, enabled numerous companies to enroll in or re-certify to the Safe Harbor, and have prepared and filed (where necessary) international data transfer agreements in most EU jurisdictions. In addition, the Covington team is expert in the Cross Border Privacy Rules (CBPR) System deployed by the Asia-Pacific Economic Cooperation (APEC) economies.
Covington’s experience with BCRs is especially substantial. Our experience encompasses all stages of BCRs, from assisting clients with internal preparation of the company, the designation of a lead authority, the drafting of the BCRs and supporting documentation, the submission of the BCR application with the lead authority and subsequent implementation, including national registration and roll-out of the individual elements of the BCR package.
Management of entire BCR approval process
Advising numerous companies on Binding Corporate Rules (BCRs), including Processor Rules. We help develop the BCR corpus and manage the entire approval process before the lead data protection authorities in several EU Member States including Belgium, Germany, Luxembourg and the UK.
Representing global pharmaceutical company in “test” case involving BCR and CBPR interoperability
Representing Merck in one of the first “test” cases involving interoperability between BCRs and APEC’s Cross-border Privacy Rules (CBPR). The case will establish a precedent for cross-border transfers of personal data for both the EU and Asia-Pacific Region.
Binding Corporate Rules for global pharmaceutical company
Assisting GSK plc in its adoption of Binding Corporate Rules (BCRs) in order to permit the company to transfer personal data globally. We helped develop GSK’s privacy compliance program, obtain the UK data protection authority’s approval and continue assisting GSK during the subsequent implementation.
BCRs for global heavy equipment manufacturer
Assisting a multinational manufacturer of heavy equipment in the adoption of BCRs.
BCRs for global heavy machinery manufacturer
Assisting a multinational manufacturer of machinery in the developing of BCRs.
BCRs for multinational e-commerce company
Assisting a global e-commerce company in preparing and filing BCRs with the Luxembourg data protection authority.
Liaison for group of U.S. multinationals with BCRs
Managing and acting as the liaison for a group of U.S. based multinationals that have put BCRs in place and exchange their BCR experience.
Advising global chemicals company on international data transfers
Advising a multinational chemicals company on international data transfers.
Advising on Safe Harbor framework
Helping numerous companies self-certify under the Safe Harbor framework.
BCRs for multinational conglomerate
Assisting a multinational manufacturer of products for the aerospace and building industries in developing BCRs.
Global compliance
Conducted a detailed review of the human resources operations of a large pharmaceutical company to assess compliance with data protection and privacy laws and regulations in both the U.S. and EU, in anticipation of possible certification under the U.S.-EU Safe Harbor regime. Our extensive written report described potential compliance issues and recommended specific remedial actions.
Privacy audit for oil and gas multinational in preparation for BCR approval
Managing a privacy audit of a U.S.-based multinational in the oil and gas industry in preparation for its BCR approval with the Dutch data protection authority as the lead authority, including reviewing and providing advice on the BCRs and the implementation strategy and assisting this client in the preparation and roll-out of various compliance tools in the framework of the BCRs.
Reviewing and amending Binding Corporate Rules
Reviewing and amending BCRs for a Swiss-based pharmaceutical company with the French data protection authority acting as the lead authority.
Global compliance
Serving as global privacy and data security counsel to a global e-commerce business, including advising on financial services privacy and information security-related aspects of certain mobile payments and mobile wallet services and international data transfers
Significant Privacy Case Before the Irish High Court
The Irish High Court referred the validity of the Standard Contractual Clauses used as a basis to transfer data and specifically whether they are compatible with the EU treaties to the EU Court of Justice. This is an amicus brief where we will appear on behalf of our client alongside the U.S. Government in making submissions before the EU Court of Justice.
Artificial Intelligence
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
European General Data Protection Regulation: What You Need to Know
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
Data Privacy and National Security
April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC
April 12, 2017, Covington Alert
On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).
GDPR Planning and Preparation Conference for Employers
March 30, 2017, Business Forums International Ltd.