New Standard Contractual Clauses for International Data Transfers

by András Gurovits, Clara-Ann Gordon, Janine Reudt-Demont

The EU Commission has adapted the standard contractual clauses used for international data transfers. The background to this is the Schrems II decision of the European Court of Justice (CJEU) of July 2020. According to this decision, the so-called “Privacy Shield” agreement was held to be insufficient to regulate the exchange of data between the EU and the USA in a form that is sufficient under the GDPR. The CJEU established additional requirements for cross-border data transfers. In its opinion of September 8, 2020, the Swiss Federal Data Protection and Information Commissioner (FDPIC) also concluded that the Privacy Shield Regime USA / Switzerland, despite granting special protection rights to data subjects in Switzerland, did not meet the requirements of adequate data protection under the Federal Data Protection Act (FADP).

Read more about this in our newsletter covering the topics below:

• One set of Standard Contractual Clauses with four Modules
• Obligation for prior checking of data transfer
• Deadlines for implementation
• Concrete measures for Swiss companies