Countless businesses export data from the European Union to the United States. Does your human resources office have information on European employees? The sales department information on European clients? That is personal data. The question is if data exports can continue in the wake of the Court of Justice of the European Union’s (CJEU) ruling in the “Schrems II” case.
In Schrems II, the CJEU held that standard contractual clauses (SCCs) were an acceptable data transfer mechanism – provided these came with “adequate safeguards.” As EU Data Protection Authorities (DPA) release their interpretations, it becomes clear that adequate safeguards, like beauty, are in the eyes of the beholder. Thus whether SCCs remain viable turns on the identity of the DPA. So much for a uniform EU-wide privacy regime.