Photo of Carsten A. Kociok

Carsten A. Kociok

Subscribe to Carsten A. Kociok's Posts

Carsten Kociok focuses his practice on the technology industry. He has broad experience in the areas of Internet, information technology, electronic and mobile payments and new media, as well as regulatory and data protection law issues.

Carsten advises national and international companies from the Internet, payments and technology industries on the commercial and regulatory side of their business, in particular in the areas of e-commerce and e-business, electronic and mobile payments, service distribution, franchising, outsourcing and technology transactions. This includes all aspects of e-money and payments law, financial services law, data protection and data security regulations, money laundering obligations as well as marketing, unfair competition, consumer protection and general contract law.

Prior to joining the firm, Carsten worked at Olswang for eight years and in the Capital Transaction Practice Group of an international law firm in New York.

Follow:Read more about Carsten A. KociokCarsten's Linkedin ProfileCarsten's Twitter Profile
  • Background. Company B-1 and Company B-2 are corporate affiliates who are under common ownership or control but are separate legal entities. While data is being directly sent from Controller A in Europe to Controller B-2 in the United States, Controller A has contracted only with Controller B-1 in Europe. Solid line indicates the data

Visual Implications
  • 1st SCC Module 1. Initial cross-border transfer from Company A to Company B utilizes the SCC Module 1 designed for transfers from a controller to a non-EEA Controller.
  • 2nd SCC Module 2. Pursuant to Section 8.7 of the 1st SCC, all subsequent onward transfers to non-adequate jurisdictions must also utilize the

Visual Implications
  • 1st SCC Module 1. Initial cross-border transfer from Company A to Company B utilizes the SCC Module 1 designed for transfers from a controller to a non-EEA Controller (1st SCC).
  • 2nd SCC Module 2. Pursuant to Section 8.7 of the 1st SCC, all subsequent onward transfers to non-adequate jurisdictions must also

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)

The new Telecommunications Telemedia Data Protection Act (TTDSG) (link in German) is the result of a clean-up campaign in German data protection law. The TTDSG, which became effective 1 December 2021, merges the data protection regulations in telemedia and telecommunications law that were previously scattered across a wide array of German laws.

Click

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)