|
The signatories note the substantial legal uncertainty which companies currently face regarding the conditions under which Standard Contractual Clauses (SCCs) can be used for data transfers, especially to the US, and to the questions it has raised on all the available mechanisms under the GDPR to transfer personal data between EU and non-EU countries.
Warning against risks such as the fragmentation in the interpretation and enforcement of the judgement by national data protection authorities (DPAs), the signatories welcome the European Data Protection Board’s (EDPB) work on guidance on additional measures companies can put in place alongside SCCs, and stress the need for a proportionate and risk based approach. The Annex of the letter includes specific recommendations for this upcoming Guidance.
The European Commission’s work on modernizing the SCCs is also welcome and the signatories call on the Commission to finalize their work, providing SCCs which take a risk based approach, provide for transfers in a variety of situations and relationships and are available for use as standalone tools.