For latest guidance and information on the Schrems II decision, visit the TrustArc Privacy Shield Ruling Resources page.
On July 16th, 2020, the European Court of Justice (CJEU) released its highly anticipated decision in Case C-311/18, otherwise known as Schrems II. The CJEU ruled that the EU-U.S. Privacy Shield is to be invalidated. In turn, the Court ruled that the system of Standard Contractual Clauses (SCCs) which allows for data transfers from the EU to third countries, is valid. While the Court ruled that existing SCCs remain valid, supervisory authorities and data controllers must now assess the situation in the destination country on a transfer-by-transfer basis. TrustArc’s team of experts actively monitor global privacy developments and have provided the top ten frequently asked questions about the Schrems II decision to help organizations understand the impact of this judgement.
What do I need to do about my current Privacy Shield self-certification?The U.S. Department of Commerce (DOC) has stated that it will continue to operate Privacy Shield and it expects participants to continue to uphold their Privacy Shield obligations. The U.S. DOC, European Commission, and European Data Protection Board all have indicated that they intend to create a successor to Privacy Shield. Remaining in Privacy Shield may simplify your transition to a successor arrangement between the EU and the U.S. At this time, you are required to continue to uphold your Privacy Shield protections for data you have collected pursuant to Privacy Shield. You do need to ensure an alternative mechanism to transfer personal data from the EU to the U.S., since Privacy Shield can no longer be used to do so.
Are prior data transfers under EU-US Privacy Shield affecte ..
Support the originator by clicking the read the rest link below.
