CCIA Welcomes Advocate General Opinion on Validity of EU Data Flow Instrument

BY Heather Greenfield
December 19, 2019

Brussels, BELGIUM — Advocate General Saugmandsgaard Øe has issued a non-binding opinion in response to a case involving data transfers that are used to process information like credit card transactions or insurance claims. The case examined whether so-called Standard Contractual Clauses provide sufficient protection to EU citizens’ data when transferred outside the European Union. Standard Contractual Clauses (“SCCs”) are an EU instrument used by thousands of European and international companies to transfer data outside Europe, including over 150 countries which are not deemed “adequate” by the European Commission. 

Although this opinion is non-binding, the EU Court of Justice tends to follow the conclusions of the Advocate General. 

In today’s opinion, the AG said that SCCs provide sufficient protection to citizens’ data as long as they are duly enforced by national data protection authorities. Companies which choose to implement SCCs must implement organisational and technical measures and divide up their respective data protection obligations. The laws of the country of destination may also offer additional safeguards, including limitations and judicial redress mechanisms when data is accessed by non-EU authorities for reasons of national security. Finally, European data protection authorities can enforce SCCs, including the prohibition or temporary suspension of data flows if they have serious concerns that SCC cannot be complied with because of foreign legislation.

The Computer & Communications Industry Association has been a longtime advocate for stronger privacy safeguards and the need for data transfers between the E.U. and the rest of the world. 

The following can be attributed to CCIA Senior Policy Manager Alexandre Roure: 

“AG Saugmandsgaard Øe has found that Standard Contractual Clauses provide strong protection when data is transferred outside the EU and it is the responsibility of national authorities to enforce them. This is good news for European internet users and businesses as Standard Contractual Clauses are the only viable and affordable instrument for European companies to transfer data beyond the dozen countries the EU deems adequate.”

 

For media inquiries, please contact Heather Greenfield hgreenfield@ccianet.org

 

Related Articles

EU Top Court Strikes Down Privacy Shield, CCIA Calls for Urgent Legal Certainty and Solutions

Jul 16, 2020

Brussels, BELGIUM — The European Court of Justice (CJEU) issued a landmark ruling today that invalidates Privacy Shield, a key legal mechanism which thousands of companies use to transfer commercial data from the EU to the United States. The CJEU ruled that the Privacy Shield decision does not comply with EU law. Among other things,…

Senate Judiciary Advances Measure To Give Government Greater Control Over Online Content, Opens Risks For Online Security Through Patchwork Of State Laws

Jul 2, 2020

Washington — The Senate Judiciary Committee took a step toward approving legislation, S. 3398, the “Eliminating Abusive and Rampant Neglect of Interactive Technologies” (EARNIT) Act, which would weaken the law companies rely upon to address objectionable activity online, commonly referred to as Section 230. In March, when the bill was introduced, the Computer & Communications…

CCIA Raises Privacy and Security Concerns Regarding Brazil’s Proposed ‘Fake News’ Law

Jun 24, 2020

Washington — The Senate of Brazil is likely to soon consider Bill number 630/2020, the “Fake News Law” ostensibly aimed at combating online disinformation. Recent amendments to this legislation have raised significant privacy and security concerns among Brazilian experts and pose risks to citizens and organizations doing business in Brazil. Requirements include the expansive collection…