Annabel Gillham spoke to Compliance Week about the Court of Justice of the European Union’s (CJEU) decision that invalidated the EU-U.S. Privacy Shield, a mechanism used by thousands of companies to send data from Europe to the United States.
According to Annabel, for the time being, organizations – including large technology firms – need to “stay put and continue with what they have been doing.”
“While there needs to be more due diligence around the use of SCCs, in particular, in third countries with strong surveillance laws, the CJEU has said that they remain valid and so they can continue to be used,” Annabel added. “As such, tech firms are not breaking any rules by using them. Until the European Commission and EU data protection authorities come up with either an alternative mechanism, or guidance about how SCCs can be used to ensure data protection, companies and tech firms have little choice but to continue with the status quo.”
Read the full article (subscription required).