In this informal panel discussion, experts from the UK, Germany, France and the Netherlands reflect upon the European Court of Justice decision in the case of Schrems II handed down in July, and its impact on workplace data transfers. The Court ruled the EU-US Privacy Shield invalid, and although model clauses can still be used for cross-border data transfers, the level of data protection must be equivalent in the receiving country to that provided in the EU.
The panelists tackle the following:
- Do we wait for a new solution (‘Safe Shield’ or ‘Privacy Harbour’?) to emerge from the wreckage of Privacy Shield?
- Do we all scramble to implement Standard Contractual Clauses (SCCs)? If so how do we comply with the Court’s recommendations regarding due diligence on importer countries?
- Are other options available? Can we really use the exceptional derogations provided by Article 49 in anything other than an ad hoc and occasional way?
- Are regulators going to grant grace periods or are they sharpening their sanction tools in readiness for a series of extra-EEA (and the UK) transfer related fines in Q3 and Q4?