Sovy recognised by KuppingerCole Independent Analysts More Info
  • Home
  • |
  • Log In
  • |
  • Contact
  • |
  • 0
Sovy
  • Products
    • Sovy GDPR Privacy Essentials℠
    • Sovy Academy℠
    • Sovy Advisory Services
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy News
  • Pricing
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us
  • Products
    • Sovy GDPR Privacy Essentials℠
    • Sovy Academy℠
    • Sovy Advisory Services
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy News
  • Pricing
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us

Data Privacy News

August 25, 2020

International Data Transfer- A New Challenge For Data Controllers

 It all started with Maximillian Schrems, an Austrian activist who sued Facebook for its privacy policy, participation to the American secret services programs, tracking the user’s activity on other pages than Facebook network along with other violations.

The first decision of the EU Court of Justice (CJEU) ruled that Max can sue Facebook Ireland even in his own country, Austria.

On the 16th of July 2020, CJEU presented its decision on the case called Schrems II. With the new ruling, CJEU has shaken the Privacy Shield mechanism, mechanism that allows US companies to transfer and store EU personal data. Although the decision was directed to the US, this applies to all the other countries, following the Erga Omnes principle. Data exporters must ensure that the personal data has sufficient protection against government surveillance.

However, it did not abolish the Standard Contractual Clauses (SCCs), the method used so far to transfer data internationally, with the obligation for data controllers to assess the level of data protection and suspend or stop the transfer if there’s information of data being under surveillance.

As a reaction from the European DPAs (Data Protection Authorities), the German regulator (LfDI) releases an updated guidance based on the decision of the CJEU which argues that although international transfers under SCCs remain valid, they do not provide sufficient protection in most situations and it is the exporter’s obligation to ensure that data is assured by extra security measures such as encryption, anonymization and pseudonymization. If the data controller cannot provide sufficient protection even with extra measures, it must suspend/cancel the transfer.

There are still questions and uncertainties regarding these major changes in the data protection environment, but it is encouraging to see the reactions of the European Protection Authorities and the great effort made by the GDPR (General Data Protection Regulation) in trying to protect the privacy of individuals.

Need help?

Find out how the Sovy GDPR Privacy Essentials can help you. Get in touch to find out more information.

 

Source:

the CJEU’s decision on the 16th of July 2020: http://curia.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=9745404

the German updated guidance: https://privacytranslations.com/international_data_transfer

CJEU data privacy data protection Facebook GDPR Schrems II
Previous StoryData Protection Regulations and COVID-19
Next StoryEarly Enforcement For the LGPD, the National Data Protection Law in Brazil

SEARCH

CATEGORIES

  • 2020 (14)
  • CCPA (5)
  • Charities (1)
  • Coronavirus (3)
  • COVID-19 (3)
  • Events (1)
  • GDPR (52)
  • Google (1)
  • Guidance (2)
  • New Bytes (35)
  • News & Blog (49)
  • Opinions (26)
  • Workplace Conduct (1)

TAG CLOUD

2020 BEUC Brexit CCPA Charities China CJEU Clearview AI CNIL cookies coronavirus COVID-19 cybersecurity data breach data privacy data protection DfE DPC EDPB Facebook facial recognition fine fines GDPR Google guidance H&M IAPP ICO LGDP LGPD mark zuckerberg Marriot marriott Microsoft notification online education oracle PIPEDA salesforce Schrems II tik tok Uber UK vodafone italy

ARCHIVES

  • April 2021 (1)
  • February 2021 (2)
  • January 2021 (3)
  • December 2020 (3)
  • November 2020 (4)
  • October 2020 (4)
  • September 2020 (1)
  • August 2020 (1)
  • July 2020 (2)
  • June 2020 (3)
  • May 2020 (2)
  • April 2020 (2)
  • March 2020 (1)
  • February 2020 (1)
  • January 2020 (3)
  • December 2019 (3)
  • November 2019 (1)
  • July 2019 (3)
  • May 2019 (3)
  • March 2019 (2)
  • January 2019 (3)
  • December 2018 (3)
  • November 2018 (2)
  • September 2018 (1)
  • July 2018 (1)
  • June 2018 (2)

LATEST POSTS

  • Is The GDPR Good For Business?
  • Tik Tok Accused of Noncompliance with the GDPR
  • Clearview AI accused of ‘’illegal mass surveillance’’
  • EDPB launches guidelines on Examples of Data Breach notification
  • GDPR at the End of 2020

QUICK LINKS

  • About Us
  • Resources
  • Privacy Policy
  • Terms
  • Manage Consent
  • Contact Us

Sovy GDPR Privacy Essentials

  • Subscription Benefits
  • Pricing
  • Log in
  • GDPR for Small Businesses
  • GDPR for Enterprises
  • GDPR for Sole Traders
  • GDPR for Charities

SOVY LOCATIONS

Ireland HQ

Registered Office
St Gall's House
St Gall Gardens South
Milltown, Dublin 14
D14 Y882

Trading Office
Meath Enterprise Centre
Trim road, Navan
Co. Meath, C15 TKX6
Ph: +353 (0)1 669-4774

Brussels

Rond-Point Schuman 11
1040 Brussels
Belgium

London

Registered Office
Kemp House
152-160 City Road
London EC1V 2N

Trading Office
9-10 Staple Inn
2nd Floor
London WC1V 7QH

New York

NY Metropolitan Area
2037 Lemoine Ave
Suite 452,
Fort Lee, N.J. 07024, USA

ASSOCIATIONS

Copyright © 2020 Sovy Trust Solutions Limited. All Rights Reserved. Registered in Ireland, No. 610835 and No. 605069