DUA: This agreement never has prevalence

[DimitriPapadopoulos]

1. I will comply with all relevant rules and regulations imposed by my institution and my government. This agreement never has prevalence over existing general data protection regulations that are applicable in my country.

In the EU, we must strive to have GPRD apply to data originating from the EU, even when exported from the EU. I feel this opens the door to accepting the prevalence of the CLOUD act over the GDPR. Of course local laws and regulations prevail over the agreement, but I think it should go without saying.

[CPernet]

' it should go without saying.' is never a good idea IMO, always be explicit

[DimitriPapadopoulos]

Then I'd say that this agreement has prevalence. Otherwise, we end up implying that US extraterritorial laws have prevalence, which the GPRD precisely tries to avoid.

[CPernet]

I see tricky - the point was that WITHIN EU, national law supersedes EU law.
If we want that regulations are respected according to this agreement and obviously also local law (being explicit) we need another phrasing altogether - Rules established in this agreement thus take place in addition to existing general data protection regulations that are applicable in my country.

[DimitriPapadopoulos]

I agree with the intent that the agreement cannot override local data protection rules, or prevent from following stricter such rules. The new wording with in addition makes this intent clearer, thanks!