New mechanism for EU data transfers ‘may be ready by Christmas’

Finland

A revised mechanism for transferring EU data outside of the EU may be ready by Christmas, according to the EU’s digital chief.

The new plan comes after the Schrems II ruling by the Court of Justice of the European Union in July, which invalidated the EU-US Privacy Shield transfer mechanism and upheld Standard Contractual Clauses (SCCs). The judge made it clear that SCCs were not to be used as a data transfer tool to send EU data to jurisdictions under US surveillance laws. 

The onus of determining the validity of SCCs in each transfer outside of the EU was placed on privacy watchdogs, triggering The European Commission to work with the European Data Protection Supervisor to resolve the issue.

According to Reuters, EU digital chief Margrethe Vestager, told an event organised by Politico, “My colleagues Vera Jourova and Didiers Reynders are working very, very hard to look at standard contractual clauses, at least for that to step in as an intermediate solution. They are very ambitious and hope that it can be in place before Christmas.”

However, it is unlikely that the revised mechanism will solve the problem completely. In a previous interview with PrivSec Report, Max Schrems said, “As it stands, no instrument exists to provide a clear solution to this problem, and no agreement could exist without the likelihood of further invalidation by the CJEU.”

“We have a clash of law; we have a US law asking companies to disclose data and we have the European law saying we can’t do it. There is no way to overcome this clash right now, unless one of the two laws steps back in some way,” he told interviewer Vickie Guilloit from Privacy Culture.

He added: “On the European side it’s fundamental rights, which unless we change the treaties of the European union, it is not going to go away. On the US side, it’s FISA, so that’s a surveillance law that could be changed – it is more realistic to get that changed than anything on the privacy side in Europe.” 

 


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.