So much has been said about the new Cross-Border standard contractual clauses (SCC), which the EU Commission finally adopted on 4 June 2021 (see GT blog post from 9 June 2021), that it almost went unnoticed that the Commission published two different kinds of SCC that day. The other set of SCC (the DPA-SCC)

The Court of Justice of the European Union (CJEU)’s historic decision in Schrems II, in which the EU-U.S. Privacy Shield was invalidated, requires businesses to rethink the mechanism they can rely on to transfer personal data from the EU to the United States and other countries. After several EU data protection authorities (DPAs) published their reactions, the European Data Protection Board (EDPB), an association comprising, inter alia, national DPAs of all EU Member States, presented its guidance in form of an FAQ.

At the time of its publication, the guidance comprises 12 FAQs. It will be updated with further analysis. While the EDPB notes that supplementary measures may be necessary when using standard contractual clauses (SCCs), it fails to specify what that means but promises to provide more guidance in the future. Summarized below are the key takeaways from the EDPB’s guidance.
Continue Reading EDPB Issues Data Transfer FAQs in the Post Privacy Shield Area