On July 16th, the Court of Justice of the European Union stated a new decision with an impact on the mechanisms used for the international transfer of data - Case C-311/18: Data Protection Commissioner v. Facebook Ireland Ltd. and Maximilian Schrems. This decision determines the invalidity of the use of the Privacy Shield for data transfers between the European Union and the United States of America, due to concerns related with necessity and proportionality in the processing of personal data.
This decision also determines the validity of the transfer mechanism also known as the general contractual clauses, in order that the companies verify, on a case-by-case basis, whether the legislation of the country of transfer ensures an adequate level of protection, in accordance with the legislation for the protection of European data. If it is concluded that the country of transfer does not ensure an adequate level of protection in accordance with the RGPD, additional guarantees must be provided to ensure data protection or else, companies must suspend transfers.
Access here for the decision:
Comentarios