On September 3, 2020, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) held a meeting to discuss the Schrems II decision and the future of personal data transfers between the European Economic Area (EEA) and the U.S.[1]

Justice Didier Reynders, the EU Commissioner for Justice, stated that conversations with U.S. counterparts (most likely the Department of Commerce) on a possible new data transfer framework have started, but that it is impossible to predict or provide a clear timeline.[2] The European Commission is currently working on an amended set of standard contractual clauses (SCCs) that will address the concerns of the Schrems II decision and incorporate the General Data Protection Regulation (GDPR).[3] The European Commission hopes to finalize new SCCs by the end of 2020.[4] The adoption of new SCCs requires both the opinion of the European Data Protection Board (EDPB) and a vote from the EU member states.[5] Additionally, the new SCCs will address the GDPR, as well as transfer scenarios between an EU data processor and a non-EU data processor (which the current SCCs do not address), and that the new SCCs must reflect the realities of data processing in our modern economy.[6]

Dr. Andrea Jelinek, Chair of the EDPB, made clear that the EDPB is committed to supporting the European Commission in creating a new method for EU-U.S. data transfers.[7] Currently, each company that is transferring personal data must take their responsibilities seriously and perform case-by-case analyses based on the protections in place for the data transfer.[8] The EDPB expects to release further guidance for companies’ completed transfers, and currently released opinions will be updated to reflect the Schrems II decision.[9] The EDPB has also established a task force to review complaints and will work closely with national Data Protection Authorities (DPAs) in responding to complaints.

Maximillian Schrems, the plaintiff in landmark privacy cases in the EEA (including Schrems II), stressed that there is a fundamental clash between U.S. intelligence surveillance laws and the EU Charter of Fundamental Rights. [10] Accordingly, he has expressed an intent to file a legal challenge to a new framework unless it can somehow comply with the GDPR and the Schrems II decision.[11]

[1] Multimedia Centre Eur. Parliament, Committee on Civil Liberties, Justice and Home Affairs (Sept. 3, 2020), https://multimedia.europarl.europa.eu/en/committee-on-civil-liberties-justice-and-home-affairs_20200903-1345-COMMITTEE-LIBE_vd?auth_cloudf=c3e8a8d1-e536-ac08-b5a9-1a4fbc1f3951.

[2] Id.

[3] Id.

[4] Id.

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] Id.

[10] Id.

[11] Id.