Schrems II Solutions, Judgement, and Impact
On July 16, 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield as a lawful mechanism to transfer personal data and determined that Standard Contractual Clauses (SCC) will require stricter considerations of the destination jurisdictions moving forward. The additional SCC-related obligations will also apply to binding corporate rules (BCRs) according to the European Data Protection Board. Businesses are now having to review their third-party vendors to ensure that their means of transferring data meet the heightened obligations for valid transfers from the EU to the U.S. and other jurisdictions.