ARTICLE
1 December 2020

European Privacy Regulators Publish Draft Recommendations On Cross Border Data Transfers

PC
Pearl Cohen Zedek Latzer Baratz

Contributor

Pearl Cohen Zedek Latzer Baratz logo
Pearl Cohen is an international law firm with offices in Israel, the United States, and the United Kingdom. Our strength is derived from decades of legal experience and an intimate knowledge of the cutting edge technological, legal, and transactional issues facing our clients in local and cross border matters. This combination of experience and knowledge allows us to provide sound and innovative advice to clients worldwide.
The European Data Protection Board ("EDPB") published its draft recommendations for organizations transferring personal data to jurisdictions outside of the EU.
European Union Privacy

The European Data Protection Board ("EDPB") published its draft recommendations for organizations transferring personal data to jurisdictions outside of the EU. The core of the EDPB's draft recommendations indicates that when an organization chooses to use the European Commission's Standard Contractual Clauses (SCCs) as a mechanism for data transfers to third countries, the organization will have to conduct an assessment of the third country's laws that affect data protection.

If the assessment indicates that the third country does not provide an essentially equivalent level of protection as the EU, the organization must identify and adopt supplementary contractual, technical, and organizational measures. These measures are aimed at elevating the protection afforded to the data so that it rises to the appropriate level of protection under the EU standards.

The EDPB provides a non-exhaustive list of suggested measures, including encryption as a technical measure if the data recipient located in the third country is exposed only to encrypted data. Overall, the recommendations are expected to introduce significant practical difficulties for many organizations that engage in cross-border transfers of GDPR-governed data, particularly regarding transfers to U.S. cloud service providers.

Shortly after the EDPB issued its draft guidance, the EU Commission published for public comments a draft of an updated version of the SCCs.  Once formally adopted by the EU Commission over the next few months, the existing version of the SCCs will be repealed. Organizations will then be given a grace period of up to one year to replace their existing SCCs with the new version.

The EDPB recommendations are open to public comments through December 21, 2020.

CLICK HERE to read Pearl Cohen's detailed review of the EDPB guidelines.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More