A broad coalition of industry federations – including Insurance Europe – has published a joint statement raising serious concerns about a set of draft recommendations published by the European Data Protection Board (EDPB) in the wake of the European Court of Justice Schrems II decision.
The court’s decision invalidated the EU-US “Privacy Shield” and cast doubt upon the use of other available tools, such as standard contractual clauses (SCCs), for transferring personal data outside of the EU.
However, while the EDPB’s draft recommendations aim to offer clarity, they will in fact make it unnecessarily difficult for businesses to transfer data outside the EU, which will hamper the competitiveness of European businesses on the world stage.
The EDPB should instead take a more risk-based approach – a fundamental pillar of the General Data Protection Regulation – when drafting its final recommendations and allow businesses to continue to rely on contractual and organisational means. The recommendations should also encourage the development of workable technical solutions, rather than an overreliance on methods such as encryption.