Regulatory Responses from Europe and the US [Updated: 15 September 2020]
04 August 2020
On 16 July, the Court of Justice of the European Union invalidated the EU-US Privacy Shield in the long awaited Schrems II decision. The judgement has left both regulators and data controllers searching for guidance on maintaining legitimate international data transfers.
In the days and weeks following the Schrems II Case (Data Protection Commissioner v Facebook Ireland and Maximillian Schrems, Case C-311/18), data protection authorities and regulators have begun to share their analyses of the impact of the decision on lawful transfer of personal data to the US. Regulators have offered a range of responses on data storage, the validity of Standard Contractual Clauses (SCCs) and the use of alternative legal instruments for international data transfers. The regulatory enforcement of this judgement will also have a considerable impact on future cross-border data transfer negotiations, and especially on post-Brexit arrangements.
We are currently following data protection authorities and regulators in both the US and Europe, tracking the differing views. This regulatory tracker can be used to understand the current guidance and recommendations of data protection regulators as it develops and is updated periodically. The current version (14 September 2020) of the summary can be found here.