Following the Schrems II July 16, 2020 ruling from the European Court of Justice, organizations that use EU-approved data transfer mechanisms like Standard Contractual Clauses and Binding Corporate Rules must now verify, on a case-by-case basis, whether foreign legal protections concerning government access to personal data meet EU standards. 

In response, the US Department of Commerce has issued a formal "Standard Contractual Clauses" White Paper to help organizations assess whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling outlining the robust limits and safeguards in the United States for government access to data.

Like European nations and other countries, the materials explain that the United States conducts intelligence gathering activities to ensure that national security and foreign policy decision-makers have access to timely, accurate, and insightful information on the threats posed by terrorists, criminals, cyber hackers, and other malicious actors. Particularly in view of the extensive U.S. surveillance reforms since 2013, however, and as detailed more fully in the White Paper, the U.S. legal framework for foreign intelligence collection provides clearer limits, stronger safeguards, and more rigorous independent oversight than the equivalent laws of almost all other countries. 

The White Paper notes that most companies "do not deal in data that is of any interest to U.S. intelligence agencies, and have no grounds to believe they do."  Even so, Commerce warned that its materials are not intended to be used as guidance, and has called for European authorities to clarify how to handle compliance issues stemming from the decision.

To access the Commerce Department's Standard Contractual Clauses White Paper, click on the link below.  We will continue to monitor this legal development, and update our clients as appropriate.  

If you have any questions about this or any other privacy law, please do not hesitate to reach out to the author, Harry Valetk.

Department of Commerce: Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II