Data transfers between the EU and the US: Still unclear on what you're supposed to do? Here's an explainer

2021-11-01 11:30

Having struck down Safe Harbor - the agreement governing EU-US data transfers - in 2015, the Court of Justice of the European Union went on to condemn its replacement, the beleaguered EU-US Privacy Shield, to a similar fate just over a year ago.

Now, it would be wrong to say that lightning struck a third time - the CJEU did not invalidate SCCs - but the Court did rule, in the same judgment that put an end to the Privacy Shield, that businesses must assess the underlying transfer of data to which the contracts apply.

The upshot is that business lost what it thought was a silver bullet, and for many readers, question marks still linger over the issue of data transfers between the EU and the US. Not only are these questions unlikely to disappear overnight, but in the months ahead, they could in fact intensify.

The broad powers of US authorities are proving to be one rather large spanner in the works of the ongoing EU-US data adequacy negotiations.

Businesses could be forgiven for scratching their heads about what the legal requirements for transferring data actually include.

At its core, the General Data Protection Regulation was about promoting accountability and so, no matter where lightning strikes in the future, nothing will protect businesses more than being on their front foot.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/01/data_transfers_europe/

#EU #US