TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Dispatch from Brussels: Some clarification for EU data transfers on the horizon Related reading: 'Schrems II' DPA investigations and enforcement: Lessons learned

rss_feed

One of the major topics this week here in Brussels, Belgium, involves questions around transfers of personal data from the European Union. Several sessions at the IAPP Data Protection Congress 2021 address this increasingly complex and searingly significant business challenge. 

Though many questions will remain beyond this week's event, some clarifications are on the way. European Commission Head of International Data Flows and Protection Bruno Gencarelli offered a start Wednesday during a conversation with Goodwin Partner Lore Leitner.

Gencarelli said that direct collection of personal data from individuals in the EU "will never be a transfer." Full stop. He suggested the European Data Protection Board, which is hosting a plenary meeting this week, will make that guidance clear. Relatedly, Gencarelli said to expect a "geographical" rather than a jurisdictional definition of personal data transfers this week.

In a separate interview at the IAPP's DPC, European Data Protection Board Chair Andrea Jelinek was mostly tight-lipped about what to expect from the Thursday's plenary, but she did suggest that if the EDPB does release guidance, there will be a subsequent period for public comment. 

In the mid term, and more broadly, Gencarelli said the Commission will release a Q&A on standard contractual clauses from stakeholders early in 2022. "We have collected a lot of feedback," he said, including around the scope of and modules in the modernized SCCs. 

There is less clarity, however, around a potential Privacy Shield framework. Things appear to have slowed down regarding a new trans-Atlantic agreement, though Gencarelli said, "Negotiations on Privacy Shield keeps us busy around the clock. It is a priority of ours."

For those looking for a timeline, do not expect a set date anytime soon. To illustrate his point, he quoted a "current or former U.S. chief of staff in the military forces," who once said that, "in negotiations, you should never have timelines. You should only have conditions." Last month, there seemed to be a bit more optimism that something would come out by year's end, but that appears to be off the table at the moment. 

Gencarelli admitted he was limited in what he could say publicly regarding the negotiations, but he emphasized that a new agreement between the EU and U.S. would need to be "sustainable" and "durable." 

He said there are two underlying issues: "the conditions, the limitations, the safeguards on the basis of which U.S. intelligence agencies can access data transferred from EU and then the access to (U.S.) courts" for EU citizens. The negotiations are about addressing those concerns raised by the Court of Justice of the EU in the "Schrems II" judgment. The negotiations are not, he said, about the commercial obligations. 

Plus, he noted that even if an agreement comes about, it will take both sides of the negotiations months to adopt and implement. "We have made a lot of progress," Gencarelli said, "but we are not there yet."

Clearly, patience will be required for a trans-Atlantic data transfer solution. 


Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 1

Submit for CPEs

Comments

If you want to comment on this post, you need to login.