What the New Opinion from the CJEU AG means for International Data Transfers
On Thursday, the Court of Justice of the European Union (CJEU) Advocate General (GA) released his opinion on data transfers in what has been dubbed the “Schrems II” case.
Why are International Data Transfers Important?
Data transfers between the EU and the US are at stake even more than ever. The European GA doubts the Privacy Shield to be valid. He suggests, and usually, the EU follows his suggestions, to decide that the Standard contractual clauses, are generally valid, but that if a importer is not able to provide the guarantees given signing the model clauses, the importer is obliged by contract to notify the exporter so that the data transfer is stopped and the data subjects are notified. That is especially the case if national security laws prevent an adequate level of data protection and make it impossible to provide the guarantees the data importer signed up for. This is true for importers like Microsoft, Amazon, Google, Facebook, etc., that have to obey the Foreign Intelligence Surveillance Act (FISA).
The GA suggested that there is no need for the EUGH to decide on the Privacy Shield as part of this decision, but still outlined his opinion in case the court decides to rule on the Privacy shield as well. He made pretty clear that the Privacy Shield, just as the Safe Harbor certification is still rather a marketing tag than delivering the safeguards requested by the EU courts in the Safe Harbor decision and that he would suggest to declare the Privacy Shield to again be invalid.
One of the distinctions between the (GDPR) and the California Consumer Privacy Act (CCPA) is the definition of a Data Protection OfficerCCPA Requirements for 2020 for Businesses
5 Amendments clear up ambiguities around the CCPA requirements for 2020 for businesses.How to Avoid CCPA Fines & Penalties
Do businesses need to worry about CCPA fines and penalties? Should they act now to comply with CCPA or wait for a federal law?