On July 16, 2020, the Court of Justice of the European Union (CJEU) has invalidated the Privacy Shield Framework with immediate effect and strengthen the requirements for organizations relying on Commission’s Decision 2010/87/EU on controller to processor Standard Contractual Clauses (SCCs) for transfers of personal data to third countries. In the same decision the CJEU took the view that SCCs are still valid. However, the CJEU has stated that individuals whose personal data is transferred to a third country pursuant to SCCs, must enjoy the same level of protection as they would under the privacy laws of the European Union (EU). What should organizations do in the light of the CJEU ruling?
The European Data Protection Board (EDPB) has issued answers to the questions they have received from the EU data protection authorities (DPAs) about the Schrems 2 case. In essence, the EDPB follows the position of the CJEU. If you are still unclear on what to do in the days after the CJEU decision this short summary of the FAQs can help.
The Court of Justice of the European Union (CJEU) has invalidated the EU-US Privacy Shield Framework and found that Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries are valid. This was the outcome of the CJEU decision C-311/18 – Facebook Ireland and Schrems issued on July 16th 2020.
Subscribe to our newsletter to stay on top of the most relevant news from the privacy world. We might personalize the newsletter based on your interests. Occasionally, these emails may contain commercial offers from us. You may unsubscribe by clicking on the unsubscribe link at the bottom of the marketing email or by writing to us.