New Standard Contract Language for Data Transfers Facilitates Lawful Personal Data Transfers to/from EU and U.S. (Published June 4, 2021) -

In response to the EU Court of Justice Schrems II opinion, which declared that the former EU-US Privacy Shield did not adequately protect personal data, the European Commission has issued Standard Contract Clauses (SCCs) for Data Transfers which may be used to avoid GDPR violations and potential fines of up to 4% of a company’s worldwide annual sales. The SCCs must be used, without modification, in agreements relating to sharing personal data of EU residents. Companies have until December 22, 2022, to adopt the SCCs.

..In the Schrems II opinion issued by EU Court of Justice on July 16, 2020, the court ruled that the EU-U.S. Privacy shield does not adequately protect personal data, in part, because any of it is accessible by the U.S. National Security Agency. EU and U.S. Department of Commerce are attempting to negotiate a resolution.

..Fines and penalties of up to the greater of €20 million or 4% of a company’s global annual sales are permitted for violations.

..Class action lawsuits and other judicial relief is also available.