This resolution is being voted on next Thursday May 20th, and is expected to be passed. MOTION FOR A RESOLUTION on the ruling of the CJEU of 16 July 2020 - Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (‘Schrems II’), Case C-311/18
The main takeaways are:
- The continuing effect of adequacy decisions until they are found invalid by the CJEU.
- Considering Schrems II in new adequacy decisions
- Concern about DPC practices, calls on the commission to start infringement procedures against Ireland for not properly enforcing the GDPR.
- Is concerned about insufficient level of enforcement of the GDPR, particularly in the area of international transfers and expresses concerns at the lack of prioritization and overall scrutiny by national supervisory authorities with regard to personal data transfers to third countries, despite significant CJEU case law.
- Concern about conflicts between the EDPB’s Guidelines 1/2020 and the SCC drafts of the Commission, prefers the EDPB guidelines.
- Welcomes the EDPB recommendations to rely on objective factors when assessing third countries, rather than subjective factors.
- Future adequacy decisions of the Commission should not be based on a system of self-certification, like Privacy Shield.
- Points out that for data controllers that fall within the scope of the US Foreign Intelligence Surveillance Act (FISA), a transfer of personal data from the Union is not possible under these SCCs, due to the high risk of mass surveillance.
- Emphasizes the need for a reform of US surveillance laws and practices.