In the recent “Schrems II” decision, the Court of Justice of the European Union established that United States domestic law, in particular provisions relating to national security, provide limited protections for personal data transferred from EU to US. In light of these limitations as compared to European Union levels of protection of the human rights of the individuals whose data are transferred, the CJEU declared the Privacy Shield invalid with immediate effect. Pending an adaptation of the relevant US legislation to reflect European Union law, it appears possible to continue transferring personal data from the European Union to the United States only by resorting to Specific Contractual Clauses and Binding Corporate Rules, which must be assessed based on their compliance with the GDPR. In the Italian insurance sector, in particular in the case of digitalized contracts, for the purposes of data transfers compliant with the provisions of the GDPR, operators in the sector will have to rely on ad hoc clauses included in their agreements in relation to the respective roles of the different parties involved in the insurance distribution process. This scenario may involve more onerous obligations for companies, intermediaries, etc.
Corapi, E. (2024). Informed Consent in Italian Digitalized Insurance Contracts. From the Privacy Shield to Schrems II. In M. Heidemann (a cura di), The Transformation of Private Law - Principles of Contract and Torts as European and International law (pp. 1077-1099). London : Springer.
Informed Consent in Italian Digitalized Insurance Contracts. From the Privacy Shield to Schrems II
Corapi, E
2024-01-01
Abstract
In the recent “Schrems II” decision, the Court of Justice of the European Union established that United States domestic law, in particular provisions relating to national security, provide limited protections for personal data transferred from EU to US. In light of these limitations as compared to European Union levels of protection of the human rights of the individuals whose data are transferred, the CJEU declared the Privacy Shield invalid with immediate effect. Pending an adaptation of the relevant US legislation to reflect European Union law, it appears possible to continue transferring personal data from the European Union to the United States only by resorting to Specific Contractual Clauses and Binding Corporate Rules, which must be assessed based on their compliance with the GDPR. In the Italian insurance sector, in particular in the case of digitalized contracts, for the purposes of data transfers compliant with the provisions of the GDPR, operators in the sector will have to rely on ad hoc clauses included in their agreements in relation to the respective roles of the different parties involved in the insurance distribution process. This scenario may involve more onerous obligations for companies, intermediaries, etc.File | Dimensione | Formato | |
---|---|---|---|
Libro in onore di Mads.pdf.zip
solo utenti autorizzati
Tipologia:
Versione Editoriale (PDF)
Licenza:
Copyright dell'editore
Dimensione
9.65 MB
Formato
Zip File
|
9.65 MB | Zip File | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.