On July 16, 2020 the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield as an adequate framework for regulating exchanges of personal data between the European Union and United States. This decision introduces greater complexities to those managing data privacy because many multinational organizations relied on the Privacy Shield for cross-border data transfers. The best approach companies can take is to understand the data transfer mechanisms that may be in play and how to use them. Without an agreement such as Privacy Shield in place, there is no adequacy agreement that validates data transfers between companies in the EU and those in the U.S. Instead, organizations must turn to options, including SCCs and/or binding corporate rules (BCRs).
To find out more about what companies should be doing to maintain compliance going forward, please click here.