The international transfer or sharing of corporate, consumer or employee data is critical to the business operations of multinational corporations across industries. The future of international data flows and use of data transfer mechanisms has been called into question by the Court of Justice of the European Union (CJEU) in its recent ruling invalidating the EU-U.S. Privacy Shield. This has become widely known as the "Schrems II" decision. In addition to invalidating the Privacy Shield, the CJEU has placed some conditions on the use of standard contractual clauses (SCCs), which is an alternative legal mechanism for safeguarding personal data transferred outside the EU. It is currently unclear whether a grace period for enforcement will be granted and there are a myriad of considerations in determining an alternative safeguarding mechanism.

Other Topics