| Pages in topic: < [1 2] | European Union Model Standard Contractual Clauses (Processors) Thread poster: Samuel Murray
|
|---|
| Within the EU it is not an issue | Apr 8, 2016 |
It turned out to be something simple: they have EU offices, so in that sense they are indeed an exporter of data. The words "importer" and "exporter" do not have their usual cross-border meanings in these EU agreements, I think, rather they mean something close to "receiver" and "sender".
But the whole directive was created because some countries (outside of the EU) are considered "unsafe" in their handling of personal data. So this whole issue applies only if the data gets out of the EU.
If their office is in the EU, and you are also in the EU, then the whole issue is a non-issue.
At least based on logic. But I doubt logic would work in this case - I know the agency in question.
| | | | Samuel Murray 
Netherlands
Local time: 10:52
Member (2006)
English to Afrikaans
+ ...
TOPIC STARTER
Daryo wrote:
If they ask you to authorise the "export" of personal data of EU citizens contained in your translations, they are DEFINITELY banging at the wrong door!!! These data are not "yours" to decide whether to export them or not outside of EU - it's a decision to be taken by the persons concerned, or the institutions that created the ST!
Have you actually read the generic sample agreements at the link that I provided?
If so, surely you'd notice that they do not ask me to authorise anything. In fact, they require me to treat personal information in a certain way. The personal information always comes from them (or via them), and they do not ask me to supply them with any personal information of anyone on my own.
==
As it happens, I have no objection to the agreement, except for two sections:
5.f. The data importer agrees and warrants: at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(the data exporter being the agency, and the supervisory authority being a privacy watchdog from a government department in the EU state where the agency's office is) (in the sample agreement, this item is not optional)
I can't agree to this because it would violate my agreements with other clients. It would be okay if the supervisory authority were to conduct audits on my facilities (they are a government authority, after all, in the same union that I live in), but not the agency or its representatives.
The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses or loss it has incurred.
Indemnification is contingent upon:
(a) the data exporter promptly notifying the data importer of a claim; and
(b) the data importer being given the possibility to cooperate with the data exporter in the defence and settlement of the claim. (in the sample agreement, this item is optional, but the agency's lawyers decided to include it)
I do not indemnify (I don't have the financial resources to do so).
Katalin Horváth McClure wrote:
At least based on logic. But I doubt logic would work in this case - I know the agency in question.
Even if you do know which agency I'm talking about, I don't think this illogicity of requests for compliance with outside regulations is specific to just one agency. It is a symptom of business in general.
It has become impossible for some businesses to operate normally without agreeing to comply to various regulations that reach far beyond their borders, and as a small fish (as even a large agency is a small fish in the bigger scheme of things) you can't "negotiate" the regulations, even if you believe them to be unfair or downright silly. It is up to each service provider to decide where to draw the line, and when to pack up and seek another line of work because the industry they're currently in has become over-regulated.
I have no objection to signing such agreements, to the point that I'm reasonably able to comply with them.
[Edited at 2016-04-08 06:30 GMT]
| | | | Michael Beijer
United Kingdom
Local time: 09:52
Member (2009)
Dutch to English
+ ...
| what is this "personal data" actually, in this context? | Apr 8, 2016 |
Daryo wrote: Samuel Murray wrote: Samuel Murray wrote: Katalin Horváth McClure wrote:
Have you asked them whether their database correctly includes your residence? That is a good point, I'll look into that. It turned out that I was listed incorrectly as being a resident outside the EU, although that did not change the fact that they wanted me to sign the same documents. Daryo wrote: Samuel Murray wrote:
The client is labelled by the EU as an "exporter" of personal data, and I'm an "importer" of personal data, and so various things apply to me as importer. Are you sure? Feels like you got it the wrong way round. I actually queried the client's legal department, and they insist that I'm the importer and they're the exporter. It turned out to be something simple: they have EU offices, so in that sense they are indeed an exporter of data. The words "importer" and "exporter" do not have their usual cross-border meanings in these EU agreements, I think, rather they mean something close to "receiver" and "sender". One of the frustrating things about the agreement is that it states that the definitions of certain terms are the same as in Directive 95/46/EC, but those terms are not defined in Directive 95/46/EC -- they are simply used in it, and it is assumed that the reader knows what those terms mean. So... lots of googling. If they ask you to authorise the "export" of personal data of EU citizens contained in your translations, they are DEFINITELY banging at the wrong door!!! These data are not "yours" to decide whether to export them or not outside of EU - it's a decision to be taken by the persons concerned, or the institutions that created the ST!
Unless we have all misunderstood how they are using the term "personal data", and they actually mean it to refer to the documents themselves (i.e., just the data), rather than "personal data" as it is commonly understood.
MJWB
| | | | Samuel Murray
Netherlands
Local time: 10:52
Member (2006)
English to Afrikaans
+ ...
TOPIC STARTER | @Michael (and @Daryo) | Apr 8, 2016 |
Michael J.W. Beijer wrote: Daryo wrote:
If they ask you to authorise the "export" of personal data of EU citizens contained in your translations, they are DEFINITELY banging at the wrong door!!! What is this "personal data" actually, in this context? Unless we have all misunderstood how they are using the term "personal data", and they actually mean it to refer to the documents themselves (i.e., just the data), rather than "personal data" as it is commonly understood.
The agreement does not define "personal data" but it contains this item near the top:
For the purposes of the Clauses: 'personal data' ... shall have the same meaning as in Directive 95/46/EC...;
...and Directive 95/46/EC does define "personal data", though only somewhere in the middle, and not near the top where you'd expect it to:
'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
Daryo, if you were to say of me that "Samuel is a qualified translator", then "is a qualified translator" is personal data, because it relates to me specifically, and I'm specifically identifiable from the context your utterance. If you were to send that sentence via e-mail from within the EU to a recipient outside the EU, then you'd be "exporting my personal data". There is no general prohibition against doing that, but there are laws about it, and about how that information is allowed to be used.
Apparently, the EU government (and modern governments in general) believe that if they draw up lengthy contracts that define every little bit of allowable or disallowed usage, then everyone forced to sign those contracts will always abide by them, for after all, what is easier for sole proprietors and individuals than to implement 1000 page agreements containing 1000 word sentences?
[Edited at 2016-04-08 07:24 GMT]
| | | | | Pages in topic: < [1 2] | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » European Union Model Standard Contractual Clauses (Processors) | Protemos translation business management system | Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!
The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.
More info » |
| | Wordfast Pro | Translation Memory Software for Any Platform
Exclusive discount for ProZ.com users!
Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value
Buy now! » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
Translation news
