BRUSSELS – Today, global tech trade association ITI led a wide-ranging coalition of industry groups in a call to the European Data Protection Board (EDPB) and the European Commission to ensure much-needed legal certainty around data flows in and outside of the European Union.
“International data flows are an integral pillar of global trade, and any disruption to their free flow constitutes a major challenge to every economic sector,” the groups wrote in a letter. “The recent developments following the Schrems II judgment in the European Union are creating deep uncertainty throughout the world, as the wide geographic variety of co-signatories to this statement demonstrates.”
Signatories note that the repercussions of an unduly restrictive approach to data flows will also hit hard more traditional European industries, as a recent BusinessEurope-led coalition statement underlines. They also highlight uncertainties caused by the 16 July ruling of the Court of Justice of the European Union in the so-called Schrems II case (C-311/18) invalidating the EU-U.S. Privacy Shield agreement as a mechanism to transfer data between the EU and the U.S. Particularly, the groups urge decision-makers to address concerns raised around the European Data Protection Board’s draft Recommendations for supplementary measures. The groups recommend that equipping companies with a practical “toolbox” of measures would aid compliance and align with the GDPR’s risk-based approach while allowing for practical ways to allow data transfers in a way that is compliant with EU law.
The full letter is available here. It was signed by the Information Technology Industry Council (ITI); Abelia – The business Association of Norwegian knowledge- and technology-based enterprises; ACT | The App Association; Alliance for Automotive Innovation; Allied for Startups; American Chamber of Commerce to the European Union (AmCham EU); American Chamber of Commerce Ireland (AmCham Ireland); Australia Services Roundtable (ASR); Biotechnology Innovation Organization (BIO); Coalition of Service Industries (CSI); Computer and Communications Industry Association (CCIA); Confederation of Industry of the Czech Republic; Danish Entrepreneurs; Developers Alliance; Ecommerce Europe; European Research Federation (efamro); European Services Forum (ESF); Electronic Transactions Association (ETA); EU Travel Tech; European Publishers Council (EPC); Federation of European Direct and Interactive Marketing (FEDMA); IAB Europe; Internet Association (IA); IT&Telekomföretagen; Software & Information Industry Association (SIIA); TechNet; TechUK; United States Council for International Business (USCIB); US Chamber of Commerce; World Federation of Advertisers.
Additionally, ITI submitted its own set of comments to the EDPB pointing to a number of concerns and suggestions for improvement of the supplementary safeguards. In particular, ITI notes that aspects of the EDPB’s recommendations appear to go far beyond the requirements set by the CJEU’s Schrems II ruling, depart from the risk-based approach enshrined in the GDPR, and propose a prescriptive and unnecessarily limiting approach to the use of supplementary measures. The full version of ITI’s comments is available here.