The European Data Protection Board (“EDPB”) has released a draft for public comment of its long-awaited recommendations on international transfers of personal data in light of the Court of Justice of the European Union’s (“CJEU”) Schrems II decision this past July.
The EDPB released these recommendations in an effort to provide guidance for companies uncertain about the legality of their international personal data transfers in the face of potentially severe penalties for noncompliance – up to 4% of annual global revenue or 20 million Euros, whichever is higher. The guidance is being both praised for its thorough examination of the complex legal issues surrounding ongoing international transfers under the European Union General Data Protection Regulation (“GDPR”) as well as condemned for its purported disconnect with the reality of the global digital economy and the functioning of multinational businesses.
The EDPB’s Recommendations are still subject to review and comment until December 21, and the Court of Justice of the European Union and European Commission have yet to release any responses on the recommendations, if they even choose to do so.
Read the full alert by Amy Lewis.