More safeguards in revamped EU data transfer tools, EU justice chief says
The European Commission will on Friday adopt revamped data transfer tools with more legal and privacy safeguards to allow companies to transfer Europeans’ data securely around the world, the EU executive’s justice chief said on Wednesday.
Standard contractual clauses (SCCs) came under the spotlight after Europe’s highest court told privacy watchdogs last July to suspend or prohibit transfers via SCCs outside the EU if data protection in other countries could not be assured.
SCCs are used by thousands of companies to transfer details for services ranging from cloud infrastructure, data hosting, payroll and finance to marketing.
“We have incorporated some elements of transparency, accountability in full compliance with the GDPR,” Justice Commissioner Didier Reynders told reporters, referring to the EU’s landmark privacy rules implemented in 2018.
He said companies could seek to protect personal data from being accessed by governments in third countries by encrypting the data or processing it in a way that it cannot be attributed to a specific individual without the use of additional details.
“It is the task of companies to see if they only use SCCS or put additional safeguards like encryption and pseudonymised personal data,” Reynders said.
The court also threw out a four-year-old transatlantic data transfer tool known as the Privacy Shield because of concerns about U.S. surveillance.
The EU and the United States are now in talks to resolve the legal limbo facing thousands of companies, which is not ended by the separate agreement on SCCs.
Reynders said a deal would have to acknowledge the enforcement of an individual’s rights, giving Europeans’ administrative redress to a U.S. court for data breaches.
He said the goal was to avoid “Schrems III”.
Austrian privacy activist Max Schrems’ campaign about the risk of U.S. intelligence agencies accessing data on Europeans in a long-running dispute with Facebook led to Europe’s top court striking down both the 2016 Privacy Shield and its predecessor Safe Harbour in 2015.
[Reuters]