Why I think so? It stems from a superb article written by the IAPP authors who skilfully and clearly explain (for the first time ever?) how to tackle the issues raised in the CJEU’s decision and to continue data transfer to USA based on supplemented SCC (see the link below).
Just take a deeper look and see how many details of the US laws are taken into account and analysed, based on which practical recommendations are given. At the same time, the CJEU factually introduced the requirement to evaluate legal landscape in every third country that imports data flows.
The above means that the same exercise should be conducted in relation to each third country. In many of them the laws may not even be translated in English and be publicly available, case law may indeed be unclear or even absent. Such analysis will almost definitely require a great deal of time and money amid the absence of grace period.
Where to get help:
- See my short article on how to start with the assessment without spending budget: https://www.linkedin.com/posts/tiazhelnikov_two-money-saving-starting-points-on-how-to-activity-6696105568085561344-qJFl
- See Essential Guarantees Guide (https://www.essentialguarantees.com) which can help you analyse surveillance practices in different countries across the globe.
- Expect more from me on that issue in the following weeks as we at Carlsberg HQ are launching «Schrems II Working Group» to share thoughts and develop action plan.
- Remember that ‘wait and see’ approach is not an option here; complexity is not an excuse for doing nothing in the hope that Supervisory Authority will wait too.