easy-accordion-free domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114zoho-flow domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114Codes of Conduct may be used as appropriate safeguards for cross-border transfers under Article 46 of the European Union General Data Protection Regulation (GDPR). Today, the EU Cloud Code of Conduct\u2026 Read more on Cisco Blogs<\/a><\/p>\n \u200b<\/p>\n Codes of Conduct may be used as appropriate safeguards for cross-border transfers under Article 46 of the European Union General Data Protection Regulation (GDPR). Today, the EU Cloud Code of Conduct (EU Cloud CoC) General Assembly is proud to release a draft version of the Third Country Transfers Module for public consultation<\/a>.<\/p>\n In July 2023, the European Commission passed the long-awaited adequacy decision<\/a> to restore lawful and secure transfers of personal data from the European Economic Area (EEA) to the United States (US). The adequacy decision supports personal data flows between any entity in the EEA and US companies participating in the EU-US Data Privacy Framework<\/a> (EU-US DPF). Cisco welcomed the news, celebrating the efforts of the European Commission and US agencies to rebuild trust in data transfers between some of the world\u2019s largest economies.<\/p>\n This decision could not have been possible without addressing the underlying fundamental human rights and civil liberties concerns \u2013 including binding safeguards that limit access to data by US intelligence authorities to only what is \u201cnecessary and proportionate\u201d to protect national security \u2013 and establishing an independent and impartial redress mechanism available to EEA data subjects. Similar framework arrangements with the United Kingdom and Switzerland are awaiting formal adequacy decisions and are expected shortly. Cisco is an active participant in the EU-US DPF and UK Extension, as well as the Swiss-US DPF.<\/p>\n While the decision offers some relief, the future of the DPF remains uncertain and legal challenges have already begun. Two previous adequacy decisions made by the European Commission \u2013 Safe Harbor and Privacy Shield \u2013 were struck down in 2015 and 2020 respectively by the Court of Justice of the European Union (CJEU). Correspondingly, the European Data Protection Board\u2019s (EDPB) recommendations on measures that supplement remaining transfer tools created previously unforeseen legal responsibilities for companies of all sizes through assessments of third country laws and practices in pursuit of \u201cessential equivalence\u201d (i.e., transfer impact assessments). The defying outcome of legal uncertainty around transfers became obvious \u2013 GDPR had become a de facto, data localization standard.<\/p>\n The Third Country Transfers Module (the Module) under the EU Cloud CoC<\/a> was launched against this background of legal uncertainty and administrative overhead that arguably further endangers fundamental rights and freedoms. Conversely, a cloud service provider (CSP) adherent to the Module warrants it has no reason to believe the laws of the non-EEA countries receiving personal data would prevent the CSP from honoring its obligations under the EU Cloud CoC. Read more about the Guidelines 04\/2021 on codes of conduct as tools for transfers<\/a>.<\/p>\n The Module builds upon relevant CJEU decisions: EDPB Recommendation 01\/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data and Guidelines 04\/2021 on codes of conduct as tools for transfers, amongst other legal requirements. It aims to provide scalable, sustainable, and demonstrable compliance mechanism for cloud providers whose power lies in service catalogues that identify appropriate technical, contractual, and organizational supplementary measures to be adopted by adherent services.<\/p>\n The service catalogues represent tailored transfer impact assessments that are not only attuned to the nature, scope, context, and purposes of personal data processing, but also contain assessment of the third country laws and practices and their influence on a particular transfer. As such, code-adherent cloud services eliminate the requirement for users of cloud services to conduct case-by-case assessments as required by other transfer mechanisms, such as Standard Contractual Clauses. Service catalogues could also be understood as \u201coff-the-shelf nutrition labels\u201d for third country transfers that incorporate fundamental rights considerations while supporting economic growth through \u201cdata free flows with trust.\u201d<\/p>\n Before any Code of Conduct can be used as a Third Country Transfers tool, it must be approved by the EDPB and given general validity by the European Commission. Together with the General Assembly members, Cisco invites those interested in reviewing this preliminary draft to contribute to the shaping of an effective cross-border transfer solution for trusted cloud environments. We look forward to partnering with broader stakeholder groups to advance mechanisms and practices that support demonstrable accountability for effective data privacy.<\/p>\n Cisco has been a proud supporter of the EU Cloud CoC since its inception in 2017 \u2013 from ideation, to development, to adherence of our services, to additional tools like the Third Country Transfers Module. In November 2021, Webex by Cisco (Webex) was declared adherent to the EU Cloud CoC<\/a> and in July 2023, the first collaboration platform to achieve its highest adherence level (3)<\/a> \u2013 another testament to Cisco\u2019s commitment to data protection and to delivering secure technologies. As Cisco\u2019s EMEA Privacy Officer and the Co-Chair of the Third Country Transfers Module, I am greatly honored and proud of our team\u2019s contribution and am looking forward to learning from this public consultation.<\/p>\n We\u2019d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!<\/em><\/p>\n Cisco Secure Social Channels<\/strong><\/p>\n Instagram<\/a><\/strong>Facebook<\/a><\/strong>Twitter<\/a><\/strong>LinkedIn<\/a><\/strong><\/p>\n \u00a0\u00a0The EU Cloud CoC releases a draft version of the Third Country Transfers Module under the EU Cloud CoC for public consultation.\u00a0\u00a0Read More<\/a>\u00a0Cisco Blogs\u00a0<\/p>","protected":false},"excerpt":{"rendered":" <\/p>\n Codes of Conduct may be used as appropriate safeguards for cross-border transfers under Article 46 of the European Union General Data Protection Regulation (GDPR). Today, the EU Cloud Code of Conduct\u2026 Read more on Cisco Blogs<\/a><\/p>\n \u200b<\/p>\n Codes of Conduct may be used as appropriate safeguards for cross-border transfers under Article 46 of the European Union General Data Protection Regulation (GDPR). Today, the EU Cloud Code of Conduct (EU Cloud CoC) General Assembly is proud to release a draft version of the Third Country Transfers Module for public consultation<\/a>.<\/p>\n In July 2023, the European Commission passed the long-awaited adequacy decision<\/a> to restore lawful and secure transfers of personal data from the European Economic Area (EEA) to the United States (US). The adequacy decision supports personal data flows between any entity in the EEA and US companies participating in the EU-US Data Privacy Framework<\/a> (EU-US DPF). Cisco welcomed the news, celebrating the efforts of the European Commission and US agencies to rebuild trust in data transfers between some of the world\u2019s largest economies.<\/p>\n This decision could not have been possible without addressing the underlying fundamental human rights and civil liberties concerns \u2013 including binding safeguards that limit access to data by US intelligence authorities to only what is \u201cnecessary and proportionate\u201d to protect national security \u2013 and establishing an independent and impartial redress mechanism available to EEA data subjects. Similar framework arrangements with the United Kingdom and Switzerland are awaiting formal adequacy decisions and are expected shortly. Cisco is an active participant in the EU-US DPF and UK Extension, as well as the Swiss-US DPF.<\/p>\n While the decision offers some relief, the future of the DPF remains uncertain and legal challenges have already begun. Two previous adequacy decisions made by the European Commission \u2013 Safe Harbor and Privacy Shield \u2013 were struck down in 2015 and 2020 respectively by the Court of Justice of the European Union (CJEU). Correspondingly, the European Data Protection Board\u2019s (EDPB) recommendations on measures that supplement remaining transfer tools created previously unforeseen legal responsibilities for companies of all sizes through assessments of third country laws and practices in pursuit of \u201cessential equivalence\u201d (i.e., transfer impact assessments). The defying outcome of legal uncertainty around transfers became obvious \u2013 GDPR had become a de facto, data localization standard.<\/p>\n The Third Country Transfers Module (the Module) under the EU Cloud CoC<\/a> was launched against this background of legal uncertainty and administrative overhead that arguably further endangers fundamental rights and freedoms. Conversely, a cloud service provider (CSP) adherent to the Module warrants it has no reason to believe the laws of the non-EEA countries receiving personal data would prevent the CSP from honoring its obligations under the EU Cloud CoC. Read more about the Guidelines 04\/2021 on codes of conduct as tools for transfers<\/a>.<\/p>\n The Module builds upon relevant CJEU decisions: EDPB Recommendation 01\/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data and Guidelines 04\/2021 on codes of conduct as tools for transfers, amongst other legal requirements. It aims to provide scalable, sustainable, and demonstrable compliance mechanism for cloud providers whose power lies in service catalogues that identify appropriate technical, contractual, and organizational supplementary measures to be adopted by adherent services.<\/p>\n The service catalogues represent tailored transfer impact assessments that are not only attuned to the nature, scope, context, and purposes of personal data processing, but also contain assessment of the third country laws and practices and their influence on a particular transfer. As such, code-adherent cloud services eliminate the requirement for users of cloud services to conduct case-by-case assessments as required by other transfer mechanisms, such as Standard Contractual Clauses. Service catalogues could also be understood as \u201coff-the-shelf nutrition labels\u201d for third country transfers that incorporate fundamental rights considerations while supporting economic growth through \u201cdata free flows with trust.\u201d<\/p>\n Before any Code of Conduct can be used as a Third Country Transfers tool, it must be approved by the EDPB and given general validity by the European Commission. Together with the General Assembly members, Cisco invites those interested in reviewing this preliminary draft to contribute to the shaping of an effective cross-border transfer solution for trusted cloud environments. We look forward to partnering with broader stakeholder groups to advance mechanisms and practices that support demonstrable accountability for effective data privacy.<\/p>\n Cisco has been a proud supporter of the EU Cloud CoC since its inception in 2017 \u2013 from ideation, to development, to adherence of our services, to additional tools like the Third Country Transfers Module. In November 2021, Webex by Cisco (Webex) was declared adherent to the EU Cloud CoC<\/a> and in July 2023, the first collaboration platform to achieve its highest adherence level (3)<\/a> \u2013 another testament to Cisco\u2019s commitment to data protection and to delivering secure technologies. As Cisco\u2019s EMEA Privacy Officer and the Co-Chair of the Third Country Transfers Module, I am greatly honored and proud of our team\u2019s contribution and am looking forward to learning from this public consultation.<\/p>\n We\u2019d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!<\/em><\/p>\n Cisco Secure Social Channels<\/strong><\/p>\n Instagram<\/a><\/strong>Facebook<\/a><\/strong>Twitter<\/a><\/strong>LinkedIn<\/a><\/strong><\/p>\nThe need for supplementary measures<\/strong><\/h2>\n
A tool to address legal uncertainty and administrative overhead <\/strong><\/h2>\n
Next steps for an effective and accountable cross-border transfer solution<\/strong><\/h2>\n
Cisco and the EU Cloud CoC<\/strong><\/h2>\n
The need for supplementary measures<\/strong><\/h2>\n
A tool to address legal uncertainty and administrative overhead <\/strong><\/h2>\n
Next steps for an effective and accountable cross-border transfer solution<\/strong><\/h2>\n
Cisco and the EU Cloud CoC<\/strong><\/h2>\n