Like many fellow privacy pros, you may have been busy updating your standard contractual clauses since last June. Last week, the European Commission finally released its FAQs to “provide practical guidance on the use of the SCCs to assist stakeholders with their compliance efforts.” The 24-page document offers additional context and guidance (though not to be considered legal advice) on both SCCs governing the relationship between controller and processor pursuant to Article 28(7) of the EU General Data Protection Regulation, and for SCCs as a transfer tool pursuant to Article 46(2). The EC wants the FAQ to be a living document so we may see some additional questions and answers down the road.

That document came out just at the close of the Computers, Privacy and Data Protection conference in Brussels, an event best known for its research and academic vibe, where one could spot some familiar faces, from U.K. Information Commissioner John Edwards to NOYB’s Max Schrems. There were many interesting panels so here are just a few soundbites that I overheard:

European Commission Vice-President Vera Jourova, “There is no point in erecting digital walls for data flows. It would not benefit Europeans or our businesses. We need to build bridges instead, with strong foundations embedded in the Charter of Fundamental Rights and the GDPR.”

Deputy Head of Unit in DG Justice and Consumer's international data protection unit, Ralf Sauer, “The EU is ready to look at the Global CBPR Forum. It could be recognized in Europe, but we need to see how it will develop and how strong it will get. If it's a model that relies solely on accountability, trust will be crucial.”

BSA Vice President, Global Policy, Aaron Cooper, “Disagreements among governments about their data collection practices have caused friction, but overall we are seeing more convergence among privacy practices and more efforts at creating interoperable and trustworthy transfer mechanisms.”

European Data Protection Board, Head of Activity for Enforcement Support and Coordination, Gwendal Le Grand, “GDPR enforcement (total of fines) was higher in 2021 than all previous years combined.” The Privacy Advisor covered the EDPB’s move for enhanced cooperation in its latest issue.

Antitrust and competition lawyer Cristina Caffarra, “Antitrust authorities are taming giants with plastic knifes. The community is working in silo when evaluating market power. The tools of privacy can help competition enforcement.”

Member of the European Parliament and co-rapporteur on the proposed EU Artificial Intelligence Act, Brando Benifei, “We cannot rely only on accountability for high-risk AI. We need to introduce third-party assessment to demonstrate compliance.”

And we are less than a week away from the inaugural IAPP Data Protection Intensive Nederland in The Hague, with two days planned of informative sessions and networking opportunity with privacy peers, and an opening keynote by Aleid Wolfsen, Chair of the Dutch Data Protection Authority. Let me know if you are attending and want to connect in person! 

Photo by Yannis Papanastasopoulos on Unsplash