Schrems II: Impact of the EU Court of Justice Decision on Your Global Data Flows

November 16, 2020 – 12:45PM EST

On July 16, the EU Court of Justice issued a decision invalidating the EU-U.S. Privacy Shield Framework, which enabled thousands of companies to move personal data across the Atlantic in support of global commerce. The Court also made clear that transfers under EU-approved standard contracts (used by the vast majority of global companies) require case by case assessments and “additional safeguards” if they are subject to foreign government access rules that aren’t essentially equivalent to EU legal requirements. This has called into question the legality of global data movement and sent companies scrambling for technical (think encryption) and legal (contractual and otherwise) fixes. This session will examine how companies are responding in practice, existing options for “additional safeguards”, and the broader path forward as US-EU negotiations progress.

Learning Objectives

  • Understand the implications of the “Schrems II” ruling for your company.
  • Learn how companies around the world are currently responding.
  • Discuss the technical, organizational and contractual safeguards under consideration to enable continued data flows, including when they might help and where they can’t.

Caitlin Fennessy

Research Director, IAPP

Phil Lee

Partner, Fieldfisher

Paul Jordan

Managing Director, IAPP

You need to purchase your pass and register for Security Congress before you can save your spot to attend this session.