Safe Harbor Update: The European Commission Issues Guidance on the Schrems Decision
This past Friday, the European Commission (“the Commission”) issued guidance addressing transatlantic data transfers after the European Court of Justice (“ECJ”) decision in the Schrems case. As we noted in an earlier post, the ECJ Schrems decision invalidated the U.S.-EU Safe Harbor framework, the mechanism that enabled self-certifying corporations to transfer personal data from EU countries to the United States. The Commission’s recent guidance sets forth its top priorities and identifies viable and available transfer mechanisms for companies now that Safe Harbor is no longer valid.
Key takeaways from the guidance include:
- The Commission will continue to work with data protection authorities to ensure uniform application of the Schrems ruling
- The Commission will continue to work in earnest to negotiate a safer and more comprehensive framework for future transatlantic data transfers
- The guidance identifies standard contractual clauses and Binding Corporate Rules as viable temporary alternative transfer mechanisms
- The guidance notes that data protection rules provide for certain exemptions, which may permit the transfer of data in specific circumstances