ECJ Invalidate EU-US Privacy Shield
The Court of Justice for the European Union (ECJ) on the 16th June invalidated the Privacy Shield Framework. The Privacy Shield Framework was one of the rules which allowed companies to transfer data between the EU and US while complying with GDPR and Data Protection. We know that some of our clients may have questions on how this could affect their marketing campaigns. We hope to clear this up below.
Of course, this change raises questions on the transfer of data with GDPR in mind. International data transfers are vital in large companies, especially those located around the globe. Global data transfers are also crucial for the global economy.
The invalidity of the Privacy Shield now means that we must comply with Standard Contractual Clauses (SCC). We are still able to transfer data to the US. However, a contract must be signed to allow the transfer of data between the EU and the US. Moving forward, we have measures in place to monitor this to ensure full compliance.
What is the SCC?
The Standard Contractual Clauses (SCC) are a contractual framework which has been approved by the EU. The SCC allows parties to agree and replicate the standards of EU privacy laws by entering into agreements with parties based outside of the EU. This is to make sure that an adequate level of data protection is applied and is compliant with the member states laws. The SCC was ruled valid by the European Court on the 16th July 2020.
This means that we must identify and assess all data transfers to the US and verify the legal basis. We will adhere to the SCC to ensure sufficient safeguards on data protection, allowing us to transfer data internationally. This means that our existing clients and clients to be can take full comfort knowing that we can continue our working relationship, and both parties remain compliant to the European standards and applicable data protection laws despite the invalidity of the Privacy Shield.
This new ruling gives an essential role for supervisory authorities to play, who are currently considering the best approaches. As we learn more from these bodies, we will update and inform you of where we stand and what needs to be done.
At this moment in time, the ICO understands that UK businesses are facing challenges and they are working to carry on providing their advice and support.
Now, more than ever, we strongly recommend that you deliver all email campaigns via a whitelisted email platform based inside of the EU. This helps your email campaigns remain in line GDPR, and all EU email platforms will adhere to GDPR. Please see the email platform we recommend here.