• Skip to main content
  • Skip to footer
  • About
    • Leadership
    • Code of Ethics
    • Privacy Commitment
    • Fellowship Awards
    • Media
  • Get Involved
    • Membership
      • Advancing the Profession
      • Member Benefits
      • Why Join the PACC
      • Member Contact Update
    • Donate
      • Donor Bill of Rights
    • Speak Out
    • Volunteer
  • Certification
    • Guiding the Profession
    • Why Pursue Certification?
    • Benefits of certification
    • Certificate or Certification?
    • Recertification
    • Certification FAQ
    • Accreditation
  • Careers
    • Current Opportunities
  • Resources
    • Strategic Privacy and Access Resource Center
      • Parents & Teachers
      • Standards
      • International Data Flows
      • Stay Informed & Avoid Spam
      • SPARC Contribution Guidelines
    • Commissioners
    • Publications
    • Professional Development
    • Speaking Invitations & Media Requests
  • News & Views
    • Guest Post Guidelines
  • EVENTS
    • Privacy & Data Governance Congress
      • Call for Proposals
      • Sponsors and Partners
      • Attendees
      • Congress FAQ
    • Past Events
  • Privacy Matters
  • Login

Privacy and Access Council of Canada

The voice for privacy and access

Cart

DPA guidance in the aftermath of Schrems II

On 16 July 2020, after months of anticipation, the Court of Justice of the European Union (CJEU) delivered its decision in Schrems II. The eagerly-awaited ruling is the latest milestone in the tug-of-war launched by Austrian privacy advocate Max Schrems that was touched off by Edward Snowden’s revelations about the vast reach of the US surveillance apparatus.

The CJEU decision determined that the Privacy Shield framework is inadequate to provide EU-equivalent safeguards for personal information when it is transferred to the US; that EU citizens have no right of recourse in the US; that, while other data transfer mechanisms might still be valid, their validity must be determined on a case-by-case basis; and that data controllers must determine if the risk to personal information would be too great in the destination country. As well, national data protection authorities must ‘suspend or prohibit a transfer of personal data to a third country,’ if safeguards for personal information in the receiving country are less than essentially equivalent to the protections afforded under EU law.

The Schrems II decision also underscores the global reach of the GDPR, and the importance of “data importers” around the world understanding the positions that Data Protection Authorities have taken in light of the Schrems II decision.

Croatia — Data Protection Agency — View Statement/Guidance

Cyprus — Personal Data Protection Commissioner — View Statement/Guidance

Czech Republic — Office for Personal Data Protection (Urad Pro Ochranu Osobnich Udaju) — View Statement/Guidance

Denmark — Data Protection Agency (Datatilsynet) — View Statement/Guidance

Estonia — Data Protection Inspectorate (Andmekaitse Inspektsioon) — View Statement/Guidance

European Commission — View Statement/Guidance

European Consumer Organisation’s (BEUC) — View Statement/Guidance

European Data Protection Board — View Statement/Guidance

European Data Protection Supervisor (Contrôleur européen de la protection des données) —View Statement/Guidance

Finland — Data Protection Ombudsman (Tietosuojavaltuutetun Toimisto) — View Statement/Guidance

France — National Commission for Informatics and Liberties (Commission Nationale de l’Informatique et des Libertés) — View Statement/Guidance

Germany — German supervisory authorities (Datenschutzkonferenz) View Statement/Guidance

Germany — Berlin: Data Protection and Freedom of Information Commissioner (Beauftragter für Datenschutz und Informationsfreiheit) — View Statement/Guidance

Germany — Hamburg: Data Protection Commissioner (Hamburgischer Datenschutzbeauftragter) — View Statement/Guidance

Germany — Rhineland Palatinate: Data Protection Commissioner (Landesbeauaftragte für den Datenschutz Rheinland-Pfalz) — View Statement/Guidance, View FAQ

Germany — Thuringer: Data Protection Commissioner (Thüringer Landesbeauftragte für den Datenschutz) — View Statement/Guidance

Guernsey — Office of the Data Protection Authority — View Statement/Guidance

Iceland — Data Protection Authority — View Statement/Guidance

Ireland — Data Protection Commissioner (An Coimisinéir Cosanta Sonraí)— View Statement/Guidance

Latvia — State Data Inspectorate (Datu Valsts Inspekcija)— View Statement/Guidance

Liechtenstein — Data Protection Commissioner — View Statement/Guidance

Lithuania — State Data Protection Inspectorate (Valstybine Duomenu Apsaugos Inspekcija)— View Statement/Guidance

Luxembourg — National Data Protection Commission (Commission nationale pour la protection des données)— View Statement/Guidance

Netherlands —Autoriteit Persoonsgegevens— View Statement/Guidance

Norway — Data Inspectorate (Datatilsynet)  — View Statement/Guidance

Poland — Bureau of the Inspector General for the Protection of Personal Data – GIODO— View Statement/Guidance

Romania —National Supervisory Authority for Personal Data Processing— View Statement/Guidance

Slovakia — Office for Personal Data Protection of the Slovak Republic— View Statement/Guidance

Slovenia — Information Commissioner— View Statement/Guidance

Spain — Data Protection Commissioner (Agencia de Protección de Datós)— View Statement/Guidance

Switzerland — Federal Data Protection and Information Commissioner (Préposé féderal à la protection des données et à la transparence) — View Statement/Guidance

United Kingdom — Information Commissioner’s Office—View Statement/Guidance

United Kingdom Government — View Statement/Guidance

United States of America — U.S. Secretary of Commerce — View Statement/Guidance — FAQs on Swiss-U.S. Privacy Shield

United States of America — Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation — View Statement/Guidance

Footer

PACC is the voice for privacy and access.

PACC is Independent  •  Non-profit  •  Non-partisan  •  Non-government

PACC is dedicated to the development and promotion of the access-to-information, information privacy, and data governance profession across the private, non-profit and public sectors.

PACC is the certifying body for access and privacy professionals, and engages in outreach efforts to advance awareness about access, privacy, and data protection.

Recent Posts

  • Consultation: Online News Act — Bill C-18
  • Public Sector Use of Private Sector Personal Data: Towards Best Practices
  • Consultation on revised notices regimes
  • Consultation on Combatting Misinformation and Disinformation
  • Public Consultation on Lawful Interception

ABOUT

MEMBERSHIP

CERTIFICATION

CURRENT OPPORTUNITIES

RESOURCES

BLOG

CONTACT

 

Thanks to QuestionPro’s wide range of free survey templates designed by industry experts. We now know exactly where to improve
…………

© 2023 · Privacy and Access Council of Canada · Maintained by SLIcore Design.