The European Data Protection Board (EDPB) issued its final recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data last week, which provides additional guidance for international transfers to countries without an Article 45(3) adequacy finding.
Appropriate Safeguards and Technical Supplementary Measures
Getting to the heart of Schrems II and Article 46 transfers subject to appropriate safeguards, the EDPB notes “[a]n essentially equivalent level of protection to that guaranteed within the EU must accompany the data when it travels to third countries outside the EEA to ensure that the level of protection guaranteed by the GDPR is not undermined, both during and after the transfer.” EDPB Recommendations 01/2020 at 9.
As we’ve learned, standard contractual clauses and other Article 46 transfer tools are not bulletproof alternatives to an adequacy finding. Even when using SCCs and other transfer tools containing “appropriate safeguards,” the EDPB points out the other “supplementary measures” may be required “to ensure an essentially equivalent level of protection.” Id. at 13.
[Read more…] about EDPB Hints at the Need for Post-Quantum Cryptography in New Data Transfer Recommendations