By invalidating the EU-U.S. Privacy Shield but not rejecting wholesale the use of standard contractual clauses to transfer data to the U.S., the Court of Justice of the European Union in “Schrems II” left open the possibility that such transfers could continue. However, it emphasized that exporters and importers may need to adopt additional safeguards when using SCCs to ensure an adequate level of protection for personal data transferred to the U.S.
Until now, commentators have seemed unsure as to what those safeguards might be or how they can address potentially irredeemable flaws in the U.S. surveillance system. In this article published in the IAPP Daily Dashboard, ZwillGen attorneys Marc Zwillinger, Mason Weisz, and Kandi Parsons detail a proposed solution consisting of technical measures, supplemental clauses, and exit strategies.