Last Updated: September 2021
On July 16, 2020, the Court of Justice of the European Union handed out its decision on Case C311-18 Data Protection Commission vs. Facebook Ireland, Max Schrems. The historic ruling invalidated the EU-U.S. Privacy Shield framework and validated standard contractual clauses with an additional layer of requirements when exporting EU citizens’ data to a third country. The invalidation of Privacy Shield and the additional requirements for SCCs have created uncertainty for organizations using these data transfer mechanisms. In response, data protection authorities and government agencies are publishing initial guidance for how to handle the post-“Schrems II” data transfer world. This IAPP Resource Center page collects together DPA and government guidance as it comes out. The IAPP will continue to update this page as new guidance emerges.
If you are aware of existing DPA or government guidance not yet included on this page, please let us know.
DPA and government guidance on ‘Schrems II’
-
expand_more
European Commission -
expand_more European Data Protection Board
-
expand_more European Data Protection Supervisor
-
expand_more
Czech Republic -
expand_more
Denmark -
expand_more
Estonia -
expand_more
Finland -
expand_more
France -
expand_more
Germany -
expand_more
Ireland -
expand_more
Italy -
expand_more
Liechtenstein -
expand_more
Lithuania -
expand_more
Netherlands -
expand_more
Norway -
expand_more
Poland -
expand_more
Slovenia -
expand_more
Spain -
expand_more
Switzerland -
expand_more
United Kingdom -
expand_more
U.S. Department of Commerce