SaaS Agreements – New UK SCCs – IDTA and UK Addendum

Since the EU-US Privacy Shield was declared invalid following the Schrems II decision in 2020 of the ECJ, SaaS suppliers and SaaS customers have had to use EU standard contractual clauses, (“EU SCCs”) or binding corporate rules (“BCRs”) when transferring personal data from the EEA, UK or Switzerland to a third country not deemed “adequate” by the European Commission.

Continue reading

SaaS Agreements – FAQs – Cookies

Cookies are small text files placed on a user’s hardware device, such as a computer, tablet or mobile phone which record online activity. The majority of websites use cookies to measure visits and the use of websites (analytics cookies). Cookies are often also used to save user names, passwords and user preferences to make repeated use of a website more comfortable for the user. However, increasingly cookies are being used to collect information about users for the purposes of targeted marketing, tracking and other non essential purposes.

Continue reading

SaaS Agreements – GDPR – EU-US Privacy Shield Invalid

On the 16th of July 2020 the EU-US Privacy Shield was ruled invalid with immediate effect by the European Court of (“CJEU”). The steps that SaaS suppliers now need to take depend on the scale and type of international data flows and the transfer mechanisms used. If you rely solely upon the EU-US Privacy Shield for transfers to the US, you must replace the Privacy Shield with the EU Commission’s Standard Contractual Clauses (“SCCs”).

Continue reading