JUL 16, 2020 | US | EUROPEAN UNION
BSA Statement on European Court of Justice Ruling on “Schrems II” Case
BRUSSELS – July 16, 2020 – BSA | The Software Alliance is pleased that today’s decision by the European Court of Justice (ECJ) upheld Standard Contractual Clauses, consistent with BSA’s amicus brief and arguments submitted to the Court, but is disappointed that the ECJ invalidated the EU-US Privacy Shield.
“Today’s ECJ decision creates a challenge for more than 5,300 U.S.-based companies—including over 250 with headquarters in Europe—that relied on the Privacy Shield to transfer personal data to and from Europe,” said Thomas Boué, Director General of Policy—EMEA at BSA. “70 percent of the companies certified to the Privacy Shield were SMEs, and they will now have to spend time and resources finding alternatives to carry out daily business transactions like processing payroll, sending emails, or storing documents on cloud-hosted servers.”
“Companies need to have reliable and stable mechanisms to send data from the EU to the United States. This is an unwelcome development at a time when businesses on both sides of the Atlantic are focusing on recovering from the economic impacts of Covid-19 and are increasingly relying on data-driven tools and services to do so,” Boué added.
“BSA is studying the details of the decision. We stand ready to work immediately with the European Commission, the US Government, and the transatlantic business community, who share the common goal of finding a new, sustainable data transfer mechanism that will work for the long term,” said Boué. “More positively, the Court has upheld the ability to use Standard Contractual Clauses as a responsible, trusted tool to transfer personal data outside Europe, including to the United States.”
Standard Contractual Clauses – or SCCs – are the main transfer mechanism used by 90 percent of companies that transfer data internationally. SCCs, which are issued by the EU Commission, were also under review by the ECJ. SCCs underpin transfers of personal data from the EU to some 180 countries, including Australia, Singapore, South Korea, Brazil, India, and Mexico. These clauses impose a range of contract-based obligations to help ensure EU law’s strong privacy protections flow with any personal data sent outside of the EU. The SCCs impose mandatory safeguards and companies that use SCCs also apply additional safeguards that are tailored to each specific transfer.
BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that help businesses of all sizes in every part of the economy to modernize and grow.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.