Much-needed EDPB guidance on the Schrems II judgment has been released and the picture looks about as grim as possible for impacted companies thus far.
The unexpected Schrems II ruling effectively invalidated the legal status of international data transfers. Some illumination has finally arrived in the form of detailed guidance from the EDPB.
It appears that for some, including the biggest names in tech, the possibility of pulling out of Europe over the new Schrems data transfer requirements is not entirely off the table.
EDPB guidance on cross-border data transfers post Schrems II ruling highlights a number of things that have changed that organizations will need to keep in mind when thinking about how to comply.
Facebook has now exhausted its options for legal challenges as the Irish DPC has ended its stay on the EU-US data transfer ban. The company may be ordered to stop transfers as early as this summer.
Max Schrems, chairperson of noyb, has directed his organization to file over 100 privacy complaints against major businesses engaging in data transfers with the US.
In the wake of the Schrems II decision, organizations performing EU-US data transfers are faced with significant challenges to comply with the GDPR.
EU data transfer mechanisms are in a state of flux, and the additional complications of Brexit can leave organizations wondering how best to navigate this current area of uncertainty.
There was some question as to whether Schrems II would extend to the similar Swiss-US Privacy Shield agreement, and that question has now been answered.
Following the Schrems II ruling and invalidation of the US-EU Privacy Shield, the Council of Europe has said that intelligence services need to stop spying on individuals’ digital communications.