Sign up for our free daily newsletter
YOUR PRIVACY - PLEASE READ CAREFULLY DATA PROTECTION STATEMENT
Below we explain how we will communicate with you. We set out how we use your data in our Privacy Policy.
Global City Media, and its associated brands will use the lawful basis of legitimate interests to use
the
contact details you have supplied to contact you regarding our publications, events, training,
reader
research, and other relevant information. We will always give you the option to opt out of our
marketing.
By clicking submit, you confirm that you understand and accept the Terms & Conditions and Privacy Policy
Global businesses let out a collective sigh of relief today after a European Court of Justice (ECJ) advocate general backed the validity of standard contractual clauses (SCCs) governing the transfer of personal data outside of the EU. But privacy experts agreed that the legal opinion by ECJ advocate general Henrik Saugmandsgaard Øe does raise serious questions about the transfer of data to some jurisdictions, including the US.
The case arose out of a challenge by Austrian lawyer and privacy activist Max Schrems, who argued that the clauses relied on by Facebook were invalidated by US laws obliging it to make data available to intelligence agencies.
Reacting to today's news, Miriam Everett, head of data protection and privacy at Herbert Smith Freehills, said on LinkedIn: "We will prepare a full briefing later and obviously the court could reach a different decision in due course but companies can perhaps tentatively breathe a sigh of relief in the hope that the global transfer of data may not be halted."
Pinsent Masons London-based legal director Adam Carney said that while businesses would be relieved in the short-term, the opinion meant there would be greater emphasis on the need for data exporters to ensure SCC protections were being upheld in jurisdictions outside the EU.
He added that the opinion raised ‘fresh doubts’ about the EU-US privacy shield, which is relied on by many US companies to ensure data transferred to the US complies with EU data protection law.
“Now is the time for the data protection authorities and the European Commission to step up the pace to update SCCs in line with the GDPR and to assist businesses with alternative methods of transfer keeping the high standards of protection of the GDPR,” he said. “Stopping global data flows is not the answer. Improving the protections for individuals when their data leaves the EU is."
Click here for a detailed analysis of the implications of the opinion by Pinsent Masons’s Out-Law legal news site and here for Schrems’ reaction to the ruling, which he claimed was “in line with our legal arguments".
Email your news and story ideas to: [email protected]