The EU Commission is presenting new standard data protection clauses to make international data transfers more legally secure. The background to this is the ruling of the European Court of Justice (ECJ) from the summer of 2020, which declared the so-called Privacy Shield, which regulated the exchange of data between the EU and the USA, invalid and which established additional requirements for international data transfers. Susanne Dehmel, Member of the Bitkom Executive Board, explains:
"With the new standard data protection clauses, the EU wants to create more legal certainty for companies with data processing in the US or other third countries. This is a right step. It is crucial for globally active companies to be able to handle their business processes and data flows in a legally secure manner. However, the new clauses do not solve the problem of case-by-case assessment. At the same time, companies are now faced with a huge conversion effort without being spared the need to assess data flows to so-called third countries in each individual case. In addition, there are further ambiguities in the new regulations: Companies are supposed to implement additional protective measures to safeguard the data flows - but exactly what these measures should be is left up to internal assessment. Many companies can hardly cope with that.
Assessing the level of data protection in other countries is a highly complex task, and the conversion of technical measures by today's networked economy involves a great deal of effort. We need political solutions for third-country transfers - not only for the essential data exchange between the USA and the EU. For the future, it will be crucial that more fundamental so-called adequacy decisions for important third countries permanently secure the exchange of data and free companies from the case-by-case examination.
The frequently mentioned demand to simply process data exclusively in Europe is not a solution. It is hardly feasible, both technically and practically. Especially for transnational or globally operating companies and organisations with locations in different regions, data exchange is essential for their daily work. European companies from the health sector with research centres in the USA or India are just as affected by this as IT companies that secure 24-hour support globally and thus across all time zones."