ARTICLE
6 December 2020

Schrems II – Follow-up On New Protective Measures For Safe Data Transfers

SA
Schoenherr Attorneys at Law

Contributor

We are a full-service law firm with a footprint in Central and Eastern Europe providing local and international companies stellar advice. As the go-to legal advisor for complex commercial matters in the region, Schoenherr aims to use its proximity to industry leaders, in developing practical solutions for future challenges. We keep a close eye on trends and developments, which enables us to provide high quality legal advice that is straight to the point.
According to the Statement, the competent authority with respect to the ePrivacy Regulation should be the data protection office.
European Union Privacy

On 11 November 2020 the European Data Protection Board ("EDPB") issued recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, and recommendations on the European Essential Guarantees for surveillance measures. The recommendations, resulting from a high-level Schrems II judgment, are intended to help data controllers and processors fulfil their obligation to define and implement appropriate complementary measures when transferring personal data to third countries.

In short, the recommendations contain a plan of actions to be taken by data exporters to determine whether it is necessary to implement complementary measures to transfer data outside the EEA in compliance with EU law, and to identify the most effective measures in each case. The recommendations also present an open catalogue of examples of complementary measures and how they could work for the given data transfer. Consultations for complementary measures will be ongoing until 21 December 2020.

Continuing its work, on 19 November 2020 the EDPB presented the long-anticipated new sets of standard contractual clauses between controllers and processors, and another one for data transfers outside the EU, as well as a statement on the ePrivacy Regulation and the future role of supervisory authorities and the EDPB ("Statement"). According to the Statement, the competent authority with respect to the ePrivacy Regulation should be the data protection office. In Poland it would mean transferring part of the responsibilities from the Office of Electronic Communications (Urzad Komunikacji Elektronicznej) to the Polish Data Protection Office (Urzad Ochrony Danych Osobowych).

The Statement can be found at here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Privacy Law and Privacy Regulations

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More