by Vincenzo Tiani
The ruling of the European Court of Justice last July, better known as Schrems II (Case C-311/18), has left many insiders with a bitter taste in their mouths. The Court invalidated for the second time the agreements concluded between the European Union and the United States, the so-called Privacy Shield, which guaranteed a safe-conduct for those European and American companies engaged in the transfer of personal data between the two continents.
The ruling stated that while Standard Contractual Clauses can still be relied upon, a real impact assessment will be required to assess whether the third country to which personal data are transferred actually guarantees a level of protection adequate to that offered by the GDPR, the EU’s general data protection regulation.
Apart from a few answers published by the EDPB a few days after the judgment, nothing more was said, and many feared that all those treatments that rely on US providers would be liable to a fine. A few days ago, however, the EDPB published some documents with some very useful indications on how to proceed in this moment of transition. These recommendations apply not only to the US, but to any third country.
Read full article on Wired Italia.