Since the verdict in the summer of 2020, the Schrems II judgment has had significant implications that go well beyond the regulation of data transfers to the US:
Based on the verdict, the obligations that the Court has now placed on data controllers to investigate the level of protection will be difficult to meet for transfers to many countries (for example, China), where legislation dealing with law enforcement and the security services is either difficult to obtain or in many cases non-existent.
The overwhelming need for further guidance
The judgment will also push the oversight authorities (DPAs) to take enforcement action against companies that rely solely on the SCCs. The standard will probably also require other appropriate safeguards under Art. 46 (such as BCRs).
Data controllers and privacy professionals must also balance data subjects’ fundamental personal rights and the organisations’ legitimate data processing objectives. In addition, they must create a defensible business position by using new Additional Safeguards as necessary.
The EDPB has released guidance so that data professionals can determine and understand which specific additional safeguards can help bring their organisation in line with Schrems II requirements. Also, clearly defined use cases described by the EDPB can show organisations what not to do and how to avoid penalties being imposed due to non-compliant data processing.
How to establish Supplementary Measures to comply after the Privacy Shield
The judgment will also make it more difficult to reach agreement on a possible adequacy decision for the UK post-Brexit.
On Data Protection Day, 28th January 2021, we will review the Schrems II verdict with the following keynote speech:
The Schrems II Decision: What it Means for Privacy Programs
The EU Court of Justice has invalidated the US-EU Privacy Shield with an immediate impact on the data flows and business operations: Let’s get clarity around Standard Contractual Clauses (SCCs) and:
Jacob Eborn, Privacy Consulting Manager, CIPP/E, OneTrust.
Register today: https://www.copenhagencompliance.com/2021/dpoday/index.html