September 30, 2020
In its Schrems II ruling, the European Court of Justice empowered EU data protection authorities (DPAs) to review companies' standard contractual clauses for transfers to non-adequate jurisdictions (i.e., the U.S.) and to invalidate them when protections are not "essentially equivalent."
Consequently, companies under review by DPAs may find themselves having to explain U.S. national security safeguards in order to defend their commercial transfers of data to the U.S. As recent proposals by the Irish Data Protection Commission illustrate, European regulators may be prone to suspend data transfers if left to interpret the Court's decision in a broad manner.
To address this issue, we are urging the U.S. Government to engage DPAs to provide them a fulsome and accurate representation of the many legal safeguards in place governing U.S. intelligence practices. The publication of the Department of Commerce’s White Paper on this subject on September 28 was a helpful first step in this regard.