This week, the Court of Justice of the European Union will hear the Schrems II case. The case focuses on Facebook’s transfer of personal data to the U.S. using standard contractual clauses and whether those EU-approved commercial contracts meet European legal standards for government access to data. As the primary legal mechanism underpinning companies’ global data transfers, there is a lot at stake. Privacy professionals around the world are asking what happens if SCCs are deemed insufficient. In this article for Privacy Perspectives, Senior Privacy Fellow Caitlin Fennessy, CIPP/US, explores whether a data transfer mechanism is necessary for companies already subject to the EU General Data Protection Regulation.
If you want to comment on this post, you need to login.