SCHREMS II & DATA TRANSFERS - Decision & Impact on SMEs
In July 2020, the EU Court of Justice struck down the EU-US Privacy Shield, a major agreement governing the transfer of EU citizens’ data to the United States. The case (C-311/18), referred to as ‘Schrems II’, after the Austrian activist Max Schrems, who brought the case forward, assessed whether the mechanism used by Facebook Ireland to share European data with Facebook Inc (domiciled in the US) – Standard Contractual Clauses (SCC) – was in violation of European citizens’ rights to privacy.
The European Court of Justice ruled that while SCC’s can be a legitimate mean to transfer data, the EU-US Privacy Shield was not a satisfactory framework to protect the rights of individuals, and therefore was invalid.
In the wake of this decision, the European Data Protection Board (EDPB) has developed Recommendations to ensure compliance with the EU level of protection of personal data when transferring data to third countries.
During the workshop, the Recommendations from the European Data Protection Board will be presented and we will also explain the legal decision and discuss solutions that SMEs could deploy to ensure that data transfers are secure. This will then be linked to the wider political context of the EU Digital Decade targets and Strategic Autonomy as these decisions affect both citizens and companies.
Who is it for? Any SME that works with data and the European data market. This can be through buying, selling, providing or exchanging data, and it is particularly relevant if the company is interested in data sources that are outside of the EU. It is also relevant to companies involved in information security and data protection.
What are the benefits from participating? The European Data Protection Board has just (21 June) adopted the final version of its Recommendations for companies on how to undertake data transfers, and their representative will be able to give a first-hand explanation of the Recommendations, which is very useful advice for companies.
Further to this, the panelists will explain the challenges that companies face when undertaking data transfers and ensuring compliance with EU legislation, and the opportunities that this presents and solutions that can be found on the market so that companies can undertake data transfers with confidence – which is valuable information as currently many companies view these obligations as a burden, whereas they contain opportunities as well.