Alexander Milner-Smith, Jessica Jacobi, Elisa Post-Uiterweer, Basile Moore
In this informal panel discussion, recorded on 24 September 2020, experts from the UK, Germany, France and the Netherlands discuss the European Court of Justice decision in the case of Schrems II handed down in July, and its impact on workplace data transfers. The Court ruled the EU-US Privacy Shield invalid, and although model clauses can still be used for cross-border data transfers, the level of data protection must be equivalent in the receiving country to that provided in the EU. The panelists tackle the following:
Do we wait for new solution ('Safe Shield' or 'Privacy Harbour'?) to emerge from the wreckage of Privacy Shield?
Do we all scramble to implement Standard Contractual Clauses (SCCs)? If so how do we comply with the Court's recommendations regarding due diligence on importer countries?
Are other options available? Can we really use the exceptional derogations provided by Article 49 in anything other than an ad hoc and occasional way?
Are regulators going to grant grace periods or are they sharpening their sanction tools in readiness for a series of extra-EEA (and UK) transfer related fines in Q3 and Q4?