August 6, 2020

Volume X, Number 219

August 06, 2020

Subscribe to Latest Legal News and Analysis

August 05, 2020

Subscribe to Latest Legal News and Analysis

August 04, 2020

Subscribe to Latest Legal News and Analysis

Schrems (Safe Harbor) Judgment – German Data Protection Authorities Issue Position Paper

Today, the German supervisory authorities (“German DPAs”) responsible for data protection at federal and state (Länder) level published a position paper on the EU-U.S. Safe Harbor (available in German – see here).  This 14-point position paper follows a meeting that these authorities held last week.  Key points include:

  • following the Safe Harbor judgment of the Court of Justice of the EU (“CJEU”) of October 6, data transfers on the basis of the European Commission’s Safe Harbor Decision are not admissible and the German DPAs will prohibit data transfers to the U.S. which are exclusively based on Safe Harbor;

  • the admissibility of data transfers to the U.S. on the basis of other transfer mechanisms, such as standard contractual clauses or Binding Corporate Rules (“BCRs”), is called into question;

  • the German DPAs will not currently issue any new authorizations for data transfers to the U.S. on the basis of BCRs or data transfer agreements − this goes a step further than the position expressed by the Article 29 Data Protection Working Party (“WP29”) in its statement of October 16, in which the WP29 acknowledged that standard contractual clauses and BCRs can still be used as long as the WP29 is analyzing the impact of the CJEU judgment on the other transfer mechanisms; and

  • the German DPAs recognize that consent may in certain limited circumstances provide a legal basis for data transfers to the U.S.

The German supervisory authorities call upon companies to make their data transfers data protection compliant, but at the same time also call for action by legislators, the German Government and the Commission.

© 2020 Covington & Burling LLPNational Law Review, Volume V, Number 299


About this Author

Repeatedly ranked as having one of the best privacy practices in the world, Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry, and of e-commerce and digital media business models in particular.  Our practice provides exceptional coverage of all of the substantive areas of privacy, including IT/technology, data security, financial privacy, health privacy, employment privacy, litigation and transactions.  One of our core strengths is the ability to advise clients on relevant privacy and data security rules worldwide,...