Regulation (EU) 2016/679 – the General Data Protection Regulation, or GDPR – creates a need for organisations seeking to transfer personal data from within the EEA to third countries to implement safeguards which are appropriate to ensure the protection of those data. One common approach to this was for organisations to rely on the Standard Contractual Clauses – a set of European Commission-approved predetermined contractual provisions which would bind non-EEA data importers to rules aligned with European data protection standards. However, the viability of these Clauses to ensure the lawfulness of such transfers has been called into question by recent caselaw of the Court of Justice of the European Union (the infamous “Schrems II” decision). In response, the European Commission has updated the Standard Contractual Clauses, boosting their protections in accordance with the requirements of the GDPR and the mentioned caselaw. In this panel, we will discuss the novel Standard Contractual Clauses with top legal and practical experts, so as to exchange thoughts on their effectiveness in ensuring the protection of transferred data, the difficulties which they present for organisations seeking to make use of them, and whether they still present a reasonable solution for lawful cross-border data transfer in practice.
Nathaly Rey, Head of EMEA Data Governance, Google Cloud;
Martim Taborda Barata, Partner, ICTLC International;
Tanya Forsheit, Partner, Co-Chair Privacy, Security & Data Innovations Group, Loeb & Loeb LLP;
Neil Thacker, CISO EMEA, Netskope