By: Carol A. F. Umhoefer and Andrew Serwin

The Schrems II decision of the Court of Justice of the European Union (CJEU), rendered on  July 16, 2020, invalidated the EU-US Privacy Shield and created new obligations, notably for businesses transferring personal data pursuant to standard contractual clauses (SCC). On November 10, 2020, the European Data Protection Board (EDPB) issued recommendations on measures that businesses can adopt to supplement transfer tools, such as SCC, in order to ensure compliance with EU data protection law.

Importantly, these recommendations have been published as a draft for public consultation; comments may be submitted through November 30, 2020.

The EDPB has also issued recommendations regarding the essential guarantees afforded by EU law in respect of surveillance measures, to serve as a guide for assessing the laws of countries where personal data is transferred.

Learn more about these European Data Protection Board recommendations here.