Written question to the EC on Privacy Shield and standard contractual clauses

As we look to recover from the economic impact of the COVID-19 pandemic, transatlantic e-commerce, which generates around EUR 6.1 trillion is more important than ever.

However, on 16 July 2020, the Court of Justice of the European Union (CJEU) struck down the Privacy Shield, one of the most widely used mechanisms allowing US commercial companies to transfer and store EU personal data in the US.

Since the Privacy Shield was invalidated by the CJEU, businesses have been left in limbo until the EU and US agree to a revised ‘adequacy decision’.

  1. What measures is the Commission envisaging to guide businesses through this uncertainty, will it propose supplementary measures that users of standard contractual clauses (SCCs) could/should employ until a new version of the SCCs is released and will there be a grace period for the transition from the Privacy Shield ?
  2. Has the Commission considered taking forward negotiations with its US counterparts on a revised ‘adequacy decision’? If so, when and how?
  3. When and how is it planning to release its proposed updates to the SCCs and what amendments can be expected, particularly with regard to the CJEU’s comments about US data privacy practices and the requirements of the General Data Protection Regulation?

Read the question here and the answer of Commissioner Reynders here.