Greetings from Portsmouth, New Hampshire!
Believe it or not, we have officially crested into October. This endurance test we’ve called 2020 is in its final quarter. Brace yourself, because I’m about to lay out a scorching hot take: I won’t be sad to see 2020 go! Now please wipe the sweat from your foreheads, and don’t finish dialing 911. As for what I’ll be doing this month, it will be a combination of watching more football, the occasional World Series Game and the better selection of horror movies streaming services have to offer. Think more “The Shining” and less “Friday the 13th Part XIX: Jason Goes to the Aquarium.”
Good thing there’s nothing else going on in the country right now so I can make crummy jokes about horror films. No, sir, nothing else of note is happening right now. Can’t think of a single thing.
As for the world of privacy, everyone is waiting for some semblance of clarification on how to move forward with cross-border data transfers following the Court of Justice of the European Union’s “Schrems II” decision.
No doubt, the European Commission is pushing for revised standard contractual clauses by the end of the year, as Commission Executive Vice President Margrethe Vestager said this week that modernized SCCs could be ready by Christmas. Clarity around data transfers would be a lovely present to find under anyone’s Christmas tree because, as Vestager said, the current situation is “not sustainable.”
In that vein and her first article for the IAPP since her appointment as IAPP senior Westin research fellow, Covington & Burling Senior Counsel Jetty Tielemans shared her analysis of what to expect with the forthcoming, revised SCCs. Addressing the post-"Schrems II" uncertainty, she wrote, "The revised SCCs are seen as part of the solution, although we hasten to add it is unlikely they alone will address all the requirements imposed by the 'Schrems II' decision."
The European Commission and U.S. Department of Commerce started negotiations on an enhanced EU-U.S. Privacy Shield agreement in August, but not much progress has been reported on it since.
On this side of the Atlantic, the U.S. government — including the Department of Commerce, Department of Justice, and Office of the Director of National Intelligence — published a white paper on U.S. privacy safeguards that are relevant to SCCs and other legal bases for EU-U.S. data transfers in the wake of "Schrems II." It's well worth the read.
Subsequently, representatives from the three U.S. departments offered a post on Lawfare emphasizing the need for clarity on data transfers: "As like-minded democracies committed to the rule of law, the EU and the U.S. have managed to develop policy solutions to bridge our legal systems before. Now more than ever, our mutual respect for privacy and data protection; our obligations to protect and improve the lives of our citizens; and our collective advancement in science and industry require both sides to make real, good-faith efforts to bridge our respective data protection regimes once again—and to provide the legal clarity and certainty essential to transatlantic commerce and cooperation."
For now, privacy professionals in the U.S. and the rest of the world must sit and wait. The “Schrems II” ruling rocked the middle of the summer for the privacy industry and as we head into fall and eventually winter, everyone is waiting for the fog to lift and to see which path forward ultimately presents itself.