Ecommerce Europe co-signed two joint industry statements on international data flows

Shares

Global Business Community Statement on Safeguarding International Data Flows

Ecommerce Europe co-signed a letter, dated 21 December 2020, together with a wide range of organisations representing the business community on safeguarding international data flows. In light of the developments in the EU on international data flows, including the recent Schrems II ruling, the European Commission’s consultation on standard contractual clauses (SCCs) and the European Data Protection Board’s (EDPB) consultation on the Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, a broad global industry coalition jointly asked the Commission and the EDPB for a sustainable solution for international data transfers. In particular, the coalition recommends the EDPB to revise its Recommendations and instead provide an opportunity to equip companies with a practical “toolbox” of measures that would help them comply with the parameters set by the Court without going beyond them, and align with the GDPR’s risk-based approach while allowing for practical ways to allow data transfers in a way that is compliant with EU law.

You can find the full letter here.

Joint industry response to EDPB Recommendations on measures that supplement transfer tools

Together with the European Payment Institutions Federation (EPIF), Payments Europe and the Merchant Risk Council (MRC), Ecommerce Europe published another joint industry reply to the European Data Protection Board’s (EDPB) consultation on the Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. Concretely, the letter asks the EDPB to take into account five main comments:

  1. Provide a list of regulations considered as not affording a level of protection in the third country that is essentially equivalent to that which is guaranteed in the EEA
  2. Allow data exporters to take account of the full context of a transfer;
  3. Propose technical measures that are workable in practice;
  4. Clarify that contractual measures may provide sufficient safeguards; and
  5. Make clear that enforcement by supervisory authorities will be measured and appropriate.

You can find the full letter here.

Shares