WASHINGTON – The Information Technology Industry Council (ITI), the global voice of the tech sector, released the following statement today from President and CEO Dean Garfield regarding a draft decision issued by the Irish Data Protection Commissioner (IDPC) in Schrems v. Data Protection Commissioner. The IDPC action is the latest fallout from the Schrems decision last October invalidating the Safe Harbor framework, which governed data transfers between the European Union (EU) and United States for fifteen years. As part of its continuing investigation into Max Schrems’ claims, the IDPC issued a draft decision that calls into question whether Standard Contractual Clauses (SCCs), an alternative data transfer mechanism, are valid under EU law.
“Companies of all sizes around the world currently rely on the standard contractual clauses that are being called into question by the IDPC to transfer data over the Internet from the EU to other markets, including the United States,” Garfield said. “The IDPC draft decision will ultimately be reviewed by the European Court of Justice, but it highlights the need for EU and U.S. negotiators to quickly conclude the Privacy Shield Agreement and establish a reliable basis upon which to transfer data. In short, the IDPC draft decision should be a catalyst to reach closure on the Privacy Shield negotiations rather than a reason to delay.”
Garfield, emphasizing the need to bring certainty to how data traverses the Internet, said, “The IDPC’s draft decision reinforces the need for EU and U.S. leaders to deliver what ITI and most businesses have long sought: Durable global policy solutions that enhance privacy protections while enabling the global data flows needed to promote innovation and economic growth.”
In October 2015, the Court of Justice of the European Union (CJEU) in the Schrems case issued a judgment invalidating the Safe Harbor Framework, which since 2000 had provided a mechanism for facilitating data transfers from the EU to the United States, and required the IDPC to fully investigate Schrems’ claims, including whether the U.S. legal regime provides an adequate level of protection for personal data.
# # #