In her intervention at the “The General Data Protection Regulation one year on: Taking stock in the EU and beyond” event held on 13 June 2019, Commissioner Věra Jourová discussed the state of the art of the GDPR, also with the aim of providing input to the next Commission who “will have to start working on the 2020 review and also review the various existing adequacy decisions.”
Jourva’s speech (which you should take a look at if you haven’t yet, very much worth a read) explores the competitive advantage that privacy and GDPR compliance provide to companies as well as the global importance of privacy, the EU-Japan adequacy arrangement, and finally, set out her three main priorities for the remainder of her mandate:
- Ensure a uniform application and implementation of the rules in Member States;
- Uniform enforcement by the European Data Protection Board/create culture of privacy among data protection authorities;
- Help businesses comply.
It is point 3 that really captured my attention. Here Jourva stressed the importance of certifications/codes of conduct and the infamous standard contractual clauses and their vital roles in GDPR compliance.
In fact, Jourva announced that the European Commission is already “working to modernise standard contractual clauses”. This is of extreme importance, especially in light of the Data Protection Commissioner -v- Facebook Ireland Ltd & anor case where the Irish Supreme Court ordered referral to the Court of Justice of the European Union to determine the legality of data transfer mechanisms, refusing Facebook’s request to overturn the Irish High Court’s ruling which will be heard in July.
Numerous companies rely on the Standard Contractual Clauses and Privacy Shield to carry out lawful data transfers outside of the EEA and modernisation of the SCCs will prove vital in the current situation where such mechanisms are under close scrutiny and in the future in order to allow data to be sales transferred outside Europe.