Last week’s “Schrems II” ruling by the Court of Justice of the European Union invalidated the “Privacy Shield” arrangements which are used as the legal basis for some transfers of personal data from the EEA to the US. With broader significance, the decision has also highlighted the limitations applicable under GDPR to other methods for transferring personal data to countries outside the EEA, such as Standard Contractual Clauses.
Jagvinder Singh Kang, our International Head of IT Law considers these issues further in this article, and at a webinar on Thursday 30 July.