In the recent Schrems II decision, the Court of Justice of the European Union established that United States domestic law, and in particular provisions relating to national security that allow public authorities in the United States to access personal data transferred from the EU to United States, provide limited protections for personal data that are not substantially equivalent to those provided under EU law. In light of these limitations as compared to European Union levels of protection of the human rights of the individuals whose data are transferred, the CJEU declared the Privacy Shield invalid with immediate effect. Pending an adaptation of the relevant US legislation to reflect European Union law, it appears possible to continue transferring personal data from the European Union to the United States only by resorting to specific contractual clauses (SCCs) and Binding Corporate Rules (BCRs), which must be assessed based on their compliance with the GDPR. In particular, Article 49 of the GDPR requires, in data transfers based on the consent of the interested party, that such consent must be explicit, specific and informed (with respect to the risks from the transfer to a country that does not provide adequate protection and security measures for the transferred data). In the Italian insurance sector, in particular in the case of digitalized contracts, for the purposes of data transfers compliant with the provisions of the GDPR and, in general, national and international implementing legislation, operators in the sector (i.e. “distributors” under the Insurance Distribution Directive) will have to rely on ad hoc clauses included in their agreements in relation to the respective roles of the different parties involved in the insurance distribution process. This scenario may involve more onerous obligations for companies, intermediaries, etc. with the consequence of slowing the logic of market responsiveness while yet not responding adequately to the need to safeguard the insurance consumer/client. In order to overcome these difficulties, the United States and the European Commission have begun negotiations for an “improved” Privacy Shield adapted to Schrems II.

Corapi, E. (2021). Informed consent in italian digitalized insurance contracts. From the privacy shield to schrems II. DIRITTO DEL COMMERCIO INTERNAZIONALE(4), 989-1017.

Informed consent in italian digitalized insurance contracts. From the privacy shield to schrems II

Corapi, E
2021-12-01

Abstract

In the recent Schrems II decision, the Court of Justice of the European Union established that United States domestic law, and in particular provisions relating to national security that allow public authorities in the United States to access personal data transferred from the EU to United States, provide limited protections for personal data that are not substantially equivalent to those provided under EU law. In light of these limitations as compared to European Union levels of protection of the human rights of the individuals whose data are transferred, the CJEU declared the Privacy Shield invalid with immediate effect. Pending an adaptation of the relevant US legislation to reflect European Union law, it appears possible to continue transferring personal data from the European Union to the United States only by resorting to specific contractual clauses (SCCs) and Binding Corporate Rules (BCRs), which must be assessed based on their compliance with the GDPR. In particular, Article 49 of the GDPR requires, in data transfers based on the consent of the interested party, that such consent must be explicit, specific and informed (with respect to the risks from the transfer to a country that does not provide adequate protection and security measures for the transferred data). In the Italian insurance sector, in particular in the case of digitalized contracts, for the purposes of data transfers compliant with the provisions of the GDPR and, in general, national and international implementing legislation, operators in the sector (i.e. “distributors” under the Insurance Distribution Directive) will have to rely on ad hoc clauses included in their agreements in relation to the respective roles of the different parties involved in the insurance distribution process. This scenario may involve more onerous obligations for companies, intermediaries, etc. with the consequence of slowing the logic of market responsiveness while yet not responding adequately to the need to safeguard the insurance consumer/client. In order to overcome these difficulties, the United States and the European Commission have begun negotiations for an “improved” Privacy Shield adapted to Schrems II.
dic-2021
Pubblicato
Rilevanza internazionale
Articolo
Esperti anonimi
Settore IUS/02 - DIRITTO PRIVATO COMPARATO
Settore IUS/01 - DIRITTO PRIVATO
Settore IUS/04 - DIRITTO COMMERCIALE
English
Privacy Shield; GDPR; Informed Consent; Digitalized Insurance Contract;-Compliance; SCCs; BCR
Corapi, E. (2021). Informed consent in italian digitalized insurance contracts. From the privacy shield to schrems II. DIRITTO DEL COMMERCIO INTERNAZIONALE(4), 989-1017.
Corapi, E
Articolo su rivista
File in questo prodotto:
File Dimensione Formato  
Elisabetta Corapi.riv dir comm int 4:21.pdf

solo utenti autorizzati

Descrizione: Articolo principale
Tipologia: Versione Editoriale (PDF)
Licenza: Copyright dell'editore
Dimensione 448.05 kB
Formato Adobe PDF
448.05 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2108/287385
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact