European Union Cross-Border Data Transfer Mechanisms

On March 14, 2017, CincyIP welcomes Matthew D. Lawless and Joshua A. Chowdhury, both of The Procter & Gamble Co., who will speak on the law of transferring personal data outside of the European Union.

Mr. Lawless and Mr. Chowdhury will start with an overview of the EU Data Protection Directive’s requirements regarding lawful transfers, including its derogations and an analysis of the original three lawful data transfer methods: standard contractual clauses, the U.S. / EU Safe Harbor, and binding corporate rules.  They will then explain the successful legal challenge to the Safe Harbor program in 2015.  They will finish by discussing the future of EU data transfers under the U.S. / EU Privacy Shield, the upcoming General Data Protection Regulation, and continuing legal challenges.

1.0 hour CLE available



About the Speakers

Matthew Lawless is an attorney in Procter & Gamble’s Global Privacy, Cybersecurity, and Information Technology Law group.  He advises clients with respect to consumer and “big data” projects, negotiates privacy contracts, and leads P&G’s privacy compliance and training programs.

Mr. Lawless also serves as an adjunct professor of law at the Northern Kentucky University Chase College of Law, the University of Dayton School of Law, and the University of Cincinnati College of Law, where he teaches courses in information privacy. He frequently speaks and writes on law and technology topics, and has presented most recently on privacy in the internet of things, standing in data breach litigation, and privacy issues in electronic discovery at the ANA/BAA Marketing Law Conference, the CincyBrand conference, the OSBA Annual Midwest Labor and Employment Law Seminar, and the Northern Kentucky University Cybersecurity Symposium.

Prior to joining P&G, Mr. Lawless worked in private practice and was a law clerk for judges on the United States District Court for the Western District of Kentucky and the United States Court of Appeals for the Sixth Circuit. He is a graduate of the Cincinnati Academy of Leadership for Lawyers and has been recognized as an Ohio Super Lawyers “Rising Star.” He holds the CIPP/E, CIPM, CIPP/US, and FIP credentials from the International Association of Privacy Professionals, and is a 2016-2018 co-chair of the IAPP’s Cincinnati KnowledgeNet.

Mr. Lawless received his B.A. from Michigan State University, M.A. from Texas Tech University, and J.D. from the Indiana University Maurer School of Law – Bloomington.

Joshua Chowdhury is an attorney in Procter & Gamble’s Global Privacy, Cybersecurity, and Information Technology Law group. He advises clients on privacy and information security risks in enterprise services agreements, counsels on employee privacy matters, and serves on P&G’s incident response team.

Mr. Chowdhury received his B.A. from the University of Virginia and his J.D. from the University of North Carolina at Chapel Hill.