The ruling invalidated the "Privacy Shield" that enabled international data transfers outside of the EU, while also casting doubt upon the use of other available tools, namely Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs). This has resulted in considerable legal uncertainty for companies that need to transfer personal data from the EU to the United States, and to other third countries, as part of their day to day business.
"To address these risks, the letter calls on the Commission to provide legal certainty as soon as possible to enable European companies to carry out their business activities that include the transfer of such data," Insurance Europe explains.
While the letter welcomes the EDPB's intention to present guidance on "additional measures" to be put in place alongside SCCs, it also urges data protection authorities not to impose sanctions until this guidance has been published and a sufficient period of time has passed to enable companies to implement it.
The letter also calls on the Commission to update the SCCs for international data transfers, and to ensure they can be used as standalone tools, with no need for additional measures.
Importantly, the letter welcomes the launch of discussions on a replacement for the "Privacy Shield" and calls on the Commission to continue its work on an adequacy framework that allows for the lawful transfer of data to the US while respecting the privacy of EU citizens.