Data companies are having to re-asses their operations following the decision by the Court of Justice of the European Union (CJEU) which has ruled the privacy shield framework as invalid. Standard Contractual Clauses (SCC’s) are still adequate, however questions remain over the longer-term implications.
Now that we as individuals and companies are more than even depending on a globally connected world, companies in the EU will have to consider whether the host nation of the company they are sharing data with is operating under the same data transfer rules as the EU.
Some feel that this will effectively hamstring European international companies but there is also the potential that this makes having an EU location more valuable than previously assumed.
The concept of the EU becoming a data island was mentioned on the IAPP website and is looking increasingly possible as the decision by the CJEU only related to US data transfers. It could actually have an effect on data transfers anywhere outside of the EU. Data Protection Authorities now have to decide whether to potentially halt all data transfers outside of the EU. Which is a massive undertaking and in turn creates grey areas for data transfer like never seen before.
Will the UK post Brexit create their own framework in the mould of a privacy shield granting licenses for confirming companies or fully align with the EU?
Many questions remain on this topic, the decision is made, and the void is created between that and the solution.
Mathew is a Consultant at Fides Search. He dedicates his time to working with clients on their key strategic hires within TMT. To find out more get in touch with Mathew:
Mobile: +44 (0) 7391 405 563 | Direct Dial:+44 (0) 20 3642 1874 | firstname.lastname@example.org