The EU Commission has presented new standard data protection clauses that are intended to make international data transfers more legally secure. […]
The background is the ruling of the European Court of Justice (ECJ) from the summer of 2020, which declared the so-called Privacy Shield, which regulated the exchange of data between the EU and the USA, invalid and with which additional requirements for international data transfers were established.
Susanne Dehmel, member of the Bitkom Executive Board, explains: “The EU wants to create more legal certainty for companies with data processing in the USA or other third countries with the new standard data protection clauses. This is the right step. For globally active companies, it is crucial that they can handle their business processes and data flows in a legally compliant manner. However, the new clauses do not solve the problem of case-by-case examination. At the same time, companies are now faced with a huge conversion effort, without being spared from evaluating the data flows to the so-called third countries in each individual case. In addition, there are further ambiguities in the new regulations: For example, the companies should implement additional protective measures to secure the data flows – but which exactly this should be left to the internal evaluation. Many companies can hardly cope with this.
The assessment of the level of data protection in other countries is a highly complex task, and the conversion of technical measures by today’s networked economy is associated with great effort. We need political solutions for the transfer of third countries– not only for the essential exchange of data between the USA and the EU. For the future, it will be crucial that more fundamental so-called adequacy decisions for important third countries permanently secure the exchange of data and exempt companies from case-by-case examination.
The frequently mentioned requirement to simply process data exclusively in Europe is not a solution. It is difficult to implement both technically and practically. Data exchange is essential for day-to-day work, especially for transnational or global companies and organizations with locations in different regions. European healthcare companies with research centers in the USA or India are just as affected as IT companies that secure 24-hour support globally and thus across all time zones.
“Further information on the topic can be found in the “Association letter on the receipt of international data transfer to Schrems II”, which you can access here.
* Bernhard Lauer is a freelance editor of dotnetpro and is responsible for the section Basic Instinct. With Visual Basic, he has been programming privately since version 1.0.