SCCs: EU authorities' stance on EU data exports in wake of Schrems II

News

SCCs: EU authorities' stance on EU data exports in wake of Schrems II

Summary of guidance by data protection authorities available

21 July 2020

The Court of Justice of the European Union recently held in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Schrems II) that standard contractual clauses are valid in principle as an appropriate safeguard for exporting personal data from the EU but that their effectiveness must be verified on a case-by-case basis to determine whether the law of the data importer’s jurisdiction can ensure adequate protection. Where contracting parties have not made such a determination, the European Union’s data protection authorities are required to intervene.

In their roles as arbiters of standard contractual clauses’ validity, data protection authorities have started to outline their positions, including on their effectiveness for data transfers to the United States. We have compiled summaries of those positions, which range from very strict (openly stating that transfers to the U.S. are unlawful) to strict (warning about risks of non-compliance) and measured (considering implications).

Our compilation summarizing the data protection authorities' reactions to Schrems II is available here (maintained).

For additional coverage of the Schrems II judgement, read our recent blog post, here.

Elizabeth Campion, a paralegal in our London office, contributed to this entry.

Authored by Eduardo Ustaran, Henrik Hanssen, Laur Badin, and Julian Flamant.