As 2020 comes to a close, we take this opportunity to look back at some of the more significant developments that we discussed in the blog this year. The first is the EU Court of Justice’s Schrems II decision, finding that the EU-U.S. Privacy Shield was not a valid mechanism for transferring personal data from the EU to the U.S. Related decisions came out of Switzerland and Israel.
As a result of that decision, companies transferring data between the EU and the U.S. have had to rely on Standard Contractual Clauses, along with “additional steps” to make sure there are sufficient safeguards in place to protect the transferred data. The European Data Protection Board has, as we wrote, provided input on what might constitute such additional measures. Companies are working through this now, and anticipating changes that will be made to the SCCs themselves next year.
Putting It Into Practice: The issue of data transfers from the EU to the U.S. was one of many developments from 2020 that we anticipate reverberating well into next year.