The importance of this issue cannot be underestimated.
Both the SCCs and the Privacy Shield were at stake, as a result of which various organisations have intervened, including representatives of the EU Parliament, the EU Commission, the European Data Protection Board, several EU Member states (including Belgium), the US government and the Electronic Privacy Information Center, as well as a number of industry lobby groups.
The declaration of invalidity of the Privacy Shield has a major impact on companies all over the world. Organisations can no longer rely on the Privacy Shield to transfer data to the US.
Moreover, organisations need to re-evaluate their data transfers to third countries if based on SCCs. It will require further examination whether the SCCs are still a sufficient safeguard for transfers to data importers. For instance, in the US, it is hard to see how the concerns the CJEU raised as regards to the Privacy Shield would not apply when the SCCs are at issue.
In such a case, what would be the solution to transfer data outside the EEA to a country that does not benefit of an adequacy decision? Binding corporate rules or exemptions provided by Article 49 of the GDPR might be part of the solution.
Would you like to know more about international data transfers, Standard Contractual Clauses, Privacy Shield and the impact of the Schrems II decision? You can register here for our free webinar that will be held in English on Thursday 23 July 2020 at 1pm. In the meantime, keep safe with the transfer of your personal data.