Global data transfers – recommended actions post “Schrems II”
In a landmark judgement 16 July 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-US Privacy Shield transfer mechanism. At the same time the court ruled that another much-used transfer mechanism – the EU Standard Contractual Clauses (“SCCs”) – is valid in principle but not always in practice, depending on the circumstances of the data transfer in question.
The judgment will affect not only organizations having based their US data transfers on Privacy Shield. It will have major consequences also for the many organizations who rely on alternative transfer mechanisms such as SCCs and BCR(P) when transferring personal data outside the EEA.
Our privacy experts will discuss the Schrems II judgement, including:
– Key findings of the court and consequences for global data transfers
– Guidance from the EDPB, the Norwegian Data Protection Authority and other supervisory authorities
– Implications for use of SCC and BCR(P)
– Practical steps to take now
The Schrems II decision of the CJEU: Privacy Shield invalidated, but the EU Standard Contractual Clauses remain valid
On July 16, the Court of Justice of the European Union issued a landmark judgement regarding the transfer of personal data to the US, the so-called Schrems II case.