You are here

AmCham EU responds to European Data Protection Board recommendations

22 Dec 2020
Digital Economy

AmCham EU appreciates the attempt of the European Commission to provide a roadmap for the implementation of the new standard contractual clauses (SCCs) as well as European Data Protection Board's (EDPB) public consultation on the Recommendations 01/2020 to collect feedback on the supplementary measures. However, we are concerned that the EDPB guidance goes beyond both the general data protection regulation and the Schrems II ruling of the Court of Justice of the European Union. Read our full consultation response here.

AmCham EU members support the purpose of the recommendations to protect the rights and privacy of citizens. Nevertheless, some elements of the recommendations would place an extreme burden on businesses of all sizes and sectors trying to conduct business. This is concerning when thousands of American and European businesses, from small and medium-sized enterprises (SMEs) to international corporations, rely on international data transfers on a day-to-day basis.

We urge the EDPB to recognise more explicitly that the application of safeguards should be risk-based, reflecting the type and volume of personal data (including whether or not it includes special categories of data), the type of government surveillance requests and access to which a multinational may be exposed. Furthermore, rather than directly addressing concerns with the foreign governments that control data protection legal regimes, the recommendations shift the responsibility and burden of assessing and supplementing the essential equivalent protection of legal systems to the private sector. These developments hinder business opportunities and international collaboration, when a seamless system for the transfer of data across borders is essential for competitiveness and innovation.

Within our consultation response we have identified key changes that could be made to the draft recommendations to improve the EDPB’s work on data transfer measures. We urge the EDPB to consider these elements and practical implications of the recently published recommendations in order to revaluate the text accordingly and proportionately.

AmCham EU makes five key recommendations. These are:

  • Taking account of the importance of a risk-based approach to data transfers;
  • The need to take a proportionate approach to potential risk to data subjects;
  • Considering the limitations of encryption as a protective measure for business use;
  • Ensuring coherence with the draft implementing decision on SCCs; and
  • Aligning the timeline for the transition and compliance periods with the period foreseen in the European Commission’s new SCCs.

In addition, AmCham EU joined a wide-ranging coalition of industry groups in a call to the EDPB and the European Commission to ensure much-needed legal certainty around data flows in and outside of the European Union, pointing to repercussions an unduly restrictive approach to data flows would have on European industries. Read the global business community statement here.