Insights & news

Advocate General Confirms Validity of EU Standard Contractual Clauses

  • 14/01/2020
  • Articles

Advocate General Henrik Saugmandsgaard Øe recently delivered his opinion in the Facebook Ireland and Schrems case, (also known as the Schrems II case). The Advocate General states that the validity of the Commission Decision approving standard contractual clauses for the transfer of personal data (SCCs) cannot be called into question. At the same time, the Advocate General indicated that controllers and supervisory authorities have an obligation to suspend transfers on the basis of SCCs if the obligations contained in the clauses cannot be guaranteed under the laws of the data importer.

Please click below for a short client memorandum on these guidelines. 


Key contacts

Related practice areas

Related insights

Sign up for updates
    • 07/04/2020
    • Articles

    COVID-19 | European Data Protection Supervisor (EDPS) urgently asks Member States to adopt harmonised approach for protection of personal data

    On 6 April 2020, the European Data Protection Supervisor (EDPS), the European regulator overseeing data protection compliance at the EU institutions, urgently asked Member States to adopt a harmonised approach for the protection of personal data when tackling the COVID-19 crisis. The EDPS also called for a pan-European model “COVID-19 mobile application”. The EDPS emphasises that EU data protection rules, including the General Data Protection Regulation, do not stand in the way of any necessary action to face the challenges posed by Covid-19. Instead, the EDPS maintains that these rules provide the framework for tackling the problems while mitigating any risks of eroding the fundamental rights of individuals. According to the EDPS, Member States should not turn to national tools only: “[i]f we are so connected with each other, we will not be able to solve it with national tools only. The more European will our answer be the better results we will gain”. The EDPS confirms that, given the urgency and nature of the crisis, exceptional measures can be justified, but these should observe safeguards designed to prevent a lasting impact on fundamental rights and freedoms. As a result, exceptional measures should (i) be temporary; (ii) be limited to the specific purpose of fighting the COVID-19 crisis; (iii) restrict access to the data; and (iv) contain rules governing the fate of the data after the crisis. Various Member States have relied on mobile applications or telecommunications data to combat the spreading of the virus with varying degrees of impact on the protection of the individual’s fundamental rights. An example in point is whether the telecommunications and location data used are truly anonymous. The EDPS notes that the use of “temporary broadcast identifiers and Bluetooth technology” is a useful means for contact tracing while respecting privacy. According to the EDPS, a pan-European model “COVID-19 mobile application” would ensure data protection by design from the start. The EDPS’ statement can be found here. Please do not hesitate to contact us should you have any questions on this matter.

    Read more
    • 06/04/2020
    • Articles

    Belgian DPA Publishes Direct Marketing Recommendation

    In its first general recommendation of 2020, the Belgian Data Protection Authority published useful guidance for direct marketing activities. Direct marketing is marked as a “priority sector” in the recently presented strategic plan of the Data Protection Authority. In this context, the recent recommendation provides welcome clarifications for the challenging task of aligning direct marketing with the protection of personal data. The recommendation discusses the roles of the various players in the direct marketing field, defines key concepts and provides an overview of how the GDPR’s data protection principles can be applied to direct marketing. The Data Protection Authority illustrates its recommendation with practical examples and recent decisions by supervisory authorities in various EU Member States.

    Read more
    • 31/03/2020
    • Articles

    Data Protection Authorities Provide Guidance on Processing of Personal Data in Context of COVID-19 Outbreak

    The outbreak of the new Corona virus COVID-19 has caused various emergencies with novel challenges for many organisations collecting and processing personal data, such as: • Employers monitor employees working from home; request employees and visitors to report risk factors such as travelling or exposure to people with flu-like symptoms; may need to report that an employee is infected with COVID-19 to other employees; • physicians and pharmaceutical companies may wish to use data to investigate new treatments; • authorities enforce lockdown measures by video cameras and tracking phones; and • health authorities need detailed test results and other health data to map virus spreads and keep detailed statistics.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *