Following the Court of Justice of the European Union (CJEU) ruling invalidating the EU-US Privacy Shield, transatlantic data flows have entered a new world of uncertainty. While wiping out Privacy Shield, the CJEU found that Standard Contractual Clauses (SCCs) are valid for EU-US data transfers, with the caveat that data controllers or processors must take steps to guarantee the protection of data they transfer to third countries, taking into account local legal frameworks.
Initial guidance from the European Data Protection Board has called for companies using SCCs or Binding Corporate Rules (BCRS) for transfers to start carrying out assessments of data protection in the countries they transfer data to and to deploy additional data protection safeguards, if needed. As they await further guidance on potential additional data protection safeguards, companies using SCCs and BCRs are seeking clarity on what a data protection assessment is expected to cover and what type of technical, organisation or legal additional safeguards will satisfy data protection authorities and courts.
In this webinar, we discuss what the Schrems II ruling means for businesses, how companies should respond, and the next steps on European and US transatlantic data flows.
- Bruno Gencarelli, Head of International Data Flows and Protection Unit, DG Justice, European Commission
- Jim Halpert, Partner, DLA Piper
- Moderator: Haude Lannon, Senior Policy Manager, Access Partnership