Loading

Tag: Schrems II

Tag: Schrems II
Page 2

SCCs and Privacy Shield replacement updates, what can we expect?

SCCs and Privacy Shield replacement are both of paramount importance to trans-Atlantic data flows, however, right now the focus may be more on new SCCs.     Almost one year since the CJEU “Schrems II” decision, a new EU-US privacy shield may still be far off. However, with Standard Contractual Clauses being upheld and used quite

Standard Contractual Clauses may not be enough, as suggested by recent decision by BayLDA

BayLDA, the Bavarian DPA has recently ordered a German company to cease from using Mailchimp, despite the use of Standard Contractual Clauses.   In the aftermath of the Schrems II ruling, we have seen some examples of the practical implications of this judgment. In the most recent case, the Bavarian DPA has ordered a German

French court ruling provides greater context to the application of “Schrems II” under the GDPR

French court ruling provides further guidance as to the application of “Schrems II”, as data hosted by subsidiary of US company is found to be protected.    France’s highest administrative court ruled earlier this month that the hosting of a booking platform for COVID-19 vaccinations on Amazon Web Service, also known as AWS, was indeed

Draft of new Standard Contractual Clauses published by the European Commission

On 12 November 2020, the European Commission published a draft Implementing Decision on new Standard Contractual Clauses for the transfer of personal data to third countries. The CJEU judgement in the Schrems II case has brought to light some deficiencies in the current guarantees applied to international data transfers. Apart from invalidating the Privacy Shield,

EU-US Privacy Shield invalidation business implications follow-up

Since the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield in their Schrems II judgement delivered two weeks ago, many questions have arisen around international data transfers to the US. After the invalidation of the EU-US Privacy Shield by the CJEU two weeks ago, as reported by Aphaia, data transfers