The European Data Protection Board ('EDPB') announced, on 21 June 2021, that it had adopted, on 18 June 2021, the final version of its Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. In particular, the EDPB highlighted that the recommendations, which were first adopted in November 2020, following the Court of Justice of the European Union ('CJEU') judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('the Schrems II Case') aim to assist controllers and processors acting as data exporters with their duty to identify and implement appropriate supplementary m
News
EU: EDPB adopts final version of recommendations on supplementary measures
June 21, 2021
Summary
The European Data Protection Board (EDPB) adopted the final version of Recommendations 01/2020 on 18 June 2021, providing guidance for data exporters on ensuring EU-level data protection when transferring personal data to third countries. The recommendations, revised after the Schrems II Case, emphasize assessing third country public authorities' practices and the possibility of considering the importer's practical experience. They also clarify that third country legislation allowing data access without the importer's intervention may affect the transfer tool's effectiveness. The new Standard Contractual Clauses (SCCs) are addressed, with the recommendations serving as a tool to verify local laws and practices for SCC compliance and the need for supplementary measures.