We're (yet again) getting new SCCs 🎉

Don’t worry, they won’t be replacing the current SCCs. Rather we’ll be getting a set of SCCs in addition to the current one’s specifically regarding processing situations where non-EU data importers are directly subject to GDPR.

The EDPB published the minutes of its 54th plenary meeting. What is specifically interesting is paragraph 2, which sheds light on EDPB’s interpretation of perhaps the biggest currenct issue regarding data transfers from Europe - whether Chapter V GDPR data transfers restrictions apply where a foreign data importer is subject to the extraterritorial reach of the GDPR. According to the minutes the EDPB is likely going to adopt guidelines requiring Chapter V data transfer mechanisms be put in place in such cases.

It also reveals that the EC intends to develop a set of SCCs specifically for transfers to importers subject to Article 3(2).

This suggests that there will be two sets of SCCs: one applicable to importers who are not subject to the GDPR and the other for importers who are subject to the GDPR.

Although this is a solution to some problems under the current SCCs it also raises others. For example, a controller in a third country that has no establishment in the EEA but the GDPR applies because it is targeting Europeans would be a transfer subject to Chapter V. However since there is no counter party in Europe the controller will be unable to enter into SCCs.

FAQ | Privacy Policy |  ToS