DOC Publishes FAQs on Schrems II Decision

The U.S. Division of Commerce has issued two new units of FAQs in mild of the Court docket of Justice of the European Union’s (“CJEU’s”) latest resolution to invalidate the EU-U.S. Privateness Defend in Schrems II. We beforehand reported on the Schrems II ruling and its implication for companies that switch private knowledge to the U.S. The brand new FAQs from the Division of Commerce tackle the impression of the choice on the EU-U.S. Privateness Defend framework and the Swiss-U.S. Privateness Defend framework.

Beneath is a abstract of the important thing factors from the new FAQs on the EU-U.S. Privateness Defend (“Privateness Defend”):

The brand new FAQs state that though (because of the Schrems IIruling) the Privateness Defend “is now not a legitimate mechanism to adjust to EU knowledge safety necessities when transferring private knowledge from the European Union to america . . . this resolution doesn’t relieve contributors within the EU-U.S. Privateness Defend of their obligations below the EU-U.S. Privateness Defend Framework.”

The FAQs additional state that the Division of Commerce will proceed to manage the Privateness Defend program, together with processing functions for self-certification and recertification and sustaining the Privateness Defend record.

The FAQs level to a July 21, 2020 assertion from the U.S. Federal Commerce Fee (“FTC”) noting that the FTC “proceed[s] to count on corporations to adjust to their ongoing obligations with respect to transfers made below the Privateness Defend Framework.”

As well as, the FAQs clarify that organizations that want to stay on the Privateness Defend record proceed to be required to yearly recertify to the Privateness Defend framework, together with by paying the annual processing charge. Organizations that want to withdraw from the Privateness Defend (1) should bear the prevailing formal withdrawal course of and take away public-facing representations about Privateness Defend participation from their web sites and different public paperwork, and (2) are topic to ongoing necessities associated to knowledge acquired below the Privateness Defend.

The brand new FAQs additionally point out that it’s the view of the Division of Commerce that continued participation within the Privateness Defend “demonstrates a severe dedication to guard private info in accordance with a set of privateness ideas that supply significant privateness protections and recourse for EU people.”

Relating to the Swiss-U.S. Privateness Defend, the up to date FAQs state that “[t]he Swiss-U.S. Privateness Defend Framework stays a legitimate mechanism to adjust to Swiss knowledge safety necessities when transferring private knowledge from Switzerland to america.” The Swiss-U.S. Privateness Defend FAQs additionally notice that on July 16, 2020, the Federal Knowledge Safety and Data Commissioner of Switzerland (“FDPIC”) issued a assertion that the “FDPIC has taken notice of the CJEU ruling. This ruling shouldn’t be straight relevant to Switzerland. The FDPIC will look at the judgement intimately and touch upon it sooner or later.”

Along with the small print listed above, the brand new FAQs from the Division of Commerce state that “[t]he United States stays dedicated to working with the EU to make sure continuity in transatlantic knowledge flows and privateness protections. The U.S. Division of Commerce has been and can stay in shut contact with the European Fee and European Knowledge Safety Board on this matter and hopes to have the ability to restrict the adverse penalties of the choice to the transatlantic knowledge flows which might be so very important to our respective residents, corporations, and governments.”

The European Knowledge Safety Board (“EDPB”) additionally has printed FAQs on the implications of the Schrems II case – learn our weblog publish concerning the EDPB FAQs.