As previously described on the TrustArc Blog (“ Privacy Shield Approaching Its 3 Year Anniversary”, the European Union (EU)-U.S. Privacy Shield Framework has received two successive annual approvals from the European Commission (EC) since its July 2016 adoption, and currently serves as an EU-to-U.S. personal data transfer mechanism for more than 4,700 U.S. organizations.
Separately, pre-approved standard contractual clauses (SCCs), the most recent version of which was issued in 2010, are also recognized by the EC as valid transfer mechanisms to non-European Economic Area “third countries.” On June 13th, the European Commissioner for Justice and Consumers confirmed in a speech that SCCs are in the process of being updated for the post-GDPR world: “We are already working to modernise standard contractual clauses. This will make it easier for companies to share data when they contract processing services, within the EU or abroad.”
This update to SCCs is occurring concurrently with a legal action challenging the validity of SCCs as a transfer mechanism to the United States, in a case brought against Facebook Ireland by Austrian privacy advocate Maximillian Schrems. The case, dubbed Schrems II?—following the 2015 decision of the European Court of Justice (ECJ) that resulted in the invalidation of the EU-U.S. Safe Harbor Agreement on grounds that it did not provide EU citizens with protections “essentially equivalent” to that of the EU due to U.S. intelligence agencies’ surveillance practices, and thus that any EU-to-U.S. personal data transfers made on that basis were not legal–proce ..
Support the originator by clicking the read the rest link below.
