New mechanism for EU data transfers ‘may be ready by Christmas’

The new plan comes after the Schrems II ruling by the Court of Justice of the European Union in July, which invalidated the EU-US Privacy Shield transfer mechanism and upheld Standard Contractual Clauses (SCCs). The judge made it clear that SCCs were not to be used as a data transfer tool to send EU data to jurisdictions under US surveillance laws. 

The onus of determining the validity of SCCs in each transfer outside of the EU was placed on privacy watchdogs, triggering The European Commission to work with the European Data Protection Supervisor to resolve the issue.

According to Reuters, EU digital chief Margrethe Vestager, told an event organised by Politico, “My colleagues Vera Jourova and Didiers Reynders are working very, very hard to look at standard contractual clauses, at least for that to step in as an intermediate solution. They are very ambitious and hope that it can be in place before Christmas.”

However, it is unlikely that the revised mechanism will solve the problem completely. In a previous interview with PrivSec Report, Max Schrems said, “As it stands, no instrument exists to provide a clear solution to this problem, and no agreement could exist without the likelihood of further invalidation by the CJEU.”

“We have a clash of law; we have a US law asking companies to disclose data and we have the European law saying we can’t do it. There is no way to overcome this clash right now, unless one of the two laws steps back in some way,” he told interviewer Vickie Guilloit from Privacy Culture.

He added: “On the European side it’s fundamental rights, which unless we change the treaties of the European union, it is not going to go away. On the US side, it’s FISA, so that’s a surveillance law that could be changed – it is more realistic to get that changed than anything on the privacy side in Europe.”