fbpx

Download free GDPR compliance checklist!

Tag Archives for " Standard contractual clauses "

Facebook told it may have to suspend EU data transfers after Schrems II ruling

Ireland’s data protection watchdog, the DPC, has sent Facebook a preliminary order to suspend data transfers from the EU to the US.

The preliminary suspension order follows a landmark ruling by Europe’s top court this summer which both struck down a flagship data transfer arrangement between the EU and the US and cast doubt on the legality of an alternative transfer mechanism (aka SCCs) — certainly in cases where data is flowing to a non-EU entity that falls under US surveillance law.

Source: Facebook told it may have to suspend EU data transfers after Schrems II ruling | TechCrunch

European Parliament Held Meeting on Future of EU-U.S. Data Flows

On September 3, 2020, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament held a meeting to discuss the future of EU-U.S. data flows following the Schrems II judgment of the Court of Justice of the European Union (CJEU).

In addition to Members of the European Parliament , the meeting’s participants included Justice Commissioner Didier Reynders, European Data Protection Board (EDPB) Chair Andrea Jelinek and Maximilian Schrems. Importantly, Commissioner Reynders stated during the meeting that the new Standard Contractual Clauses might be adopted by the end of 2020, at the earliest.

Source: European Parliament Meeting on Future of EU-U.S. Data Flows

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg published guidance on international transfers of personal data following the Schrems II judgment.

This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the Schrems II decision. As well as including a Schrems II compliance checklist, it provides some recommendations on modifying the Standard Contractual Clauses to allow the parties to document their intent to act in accordance with the law.

Source: German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

What Privacy Shield organizations should do in the wake of ‘Schrems II’

The Court of Justice of the European Union issued its decision in “Schrems II” Thursday, a landmark decision that invalidates the EU-U.S. Privacy Shield arrangement.

Fortunately, the CJEU did not invalidate the European Commission’s standard contractual clauses for transfers to data processors. However, the rationale behind the court’s ruling on Privacy Shield (which focused on concerns about U.S. law and practice on government surveillance) would suggest that companies will need to evaluate their use of SCCs.

So, what now?

Full article: What Privacy Shield organizations should do in the wake of ‘Schrems II’

What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for you

On the 16th of July, one of the most anticipated cases in data protection, case C-311/18 — Facebook Ireland versus Schrems — will be delivered by the EU Court of Justice.

The verdict in the groundbreaking “Schrems 2.0” case will dictate whether the widely used Standard Contractual Clauses (SCCs) and the EU/USA Privacy Shield will remain a valid means of transferring personal data to countries outside the EEA under the EU’s GDPR.

Full article: What the outcome of the upcoming ruling in Facebook Ireland vs Schrems can mean for your organisation and how to prepare for the 16th of July

German Supervisory Authority Publishes New Standard Clauses for Processors

On April 9, 2020, the German Supervisory Authority of Baden-Wuerttemberg published standard contractual clauses for data processors pursuant to Article 28(8) GDPR.

It is the first German Supervisory Authority to do so, and the second in EU after the Danish Supervisory Authority published its own standard clauses in July 2019.

Source: German Supervisory Authority Publishes New Standard Clauses for Processors

Advocate general thinks Standard Contractual Clauses are valid for data transfers out of EU

Henrik Saugmandsgaard Oe, advocate general to the Court of Justice of the European Union (CJEU), in his opinion issued yesterday said the use of so-called standard contractual clauses by Facebook and other firms to transfer information abroad is “valid.”

His non-binding opinion is not a ruling as such, but legal experts say opinions from the advocate general are typically followed by the court in a majority of cases. The CJEU will rule on the case in the coming months.

Source: Schrems vs. Facebook: Legal advisor to EU supreme court gives opinion

AG Opinion in Schrems II Delayed

The Advocate General’s (AG) Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (so called “Schrems II”), has been delayed until the 19 th December 2019.

The primary question before the European Court of Justice, and the AG, in Schrems II is whether the European Commission’s standard contractual clauses are valid for transfers of personal data to the United States.

Source: UPDATE: AG Opinion in Schrems II Delayed

CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

On July 9 the Court of justice of European Union had its session in so called Schrems II case. The question is; whether U.S. law on the access of national security agencies to the personal data of non nationals, the Foreign Intelligence Service Act, breaks European data protection laws. And if so, does that invalidate currently legal data transfer mechanisms?

Court heard from the Irish Data Protection Commissioner, Facebook, the Electronic Privacy Information Center, DigitalEurope, the Business Software Alliance, the European Commission, the European Data Protection Board, the U.S. government as well as several EU countries and representatives of Max Schrems himself.

The EU court’s Advocate General Henrik Saugmandsgaard Øe said he will give his non-binding opinion in the case December 12 this year, with a full decision expected by early 2020.

Source: CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

On July 9th, Europe’s highest court – the Court of Justice of the European Union (CJEU) – is set to hear a case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA.

There is a significant risk the CJEU will declare these transfer mechanisms as invalid. If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Read full article: SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

>