Since the publication of the EU Court of Justice decision in the Schrems 2 case, many organizations that send or receive personal data of EU/EEA residents have been struggling to find reliable, viable means to ensure the continuity of the data flows emanating from the EU/EEA, and the privacy protections needed for this data. The guidance provided by regulatory authorities on both sides of the Atlantic has been limited.
The Schrems 2 decision focuses primarily on two elements, the EU-US Privacy Shield and the Standard Contractual Clauses Controller-to-Processor. Both the EU-US Privacy Shield program and the Standard Contractual Clause framework have come out with a black eye. And both aspects of the Schrems 2 decisions have significant consequences for businesses that operate on a global scale.(more…)