By Dan Or-Hof
November 12, 2020
This is a preliminary report.
On November 11, 2020, The European Data Protection Board (EDPB) has published new recommendations, introducing a new required data transfer contract – the STTs – Supplementary Transfer Tools.
Following the Schrems2 decision of the EU supreme court, the STTs join DPAs and SCCs to support data transfer under the GDPR to third countries.
The STTs include 3 main features:
- An assessment of the existence of European Essential Guarantees (EEG) under the third county’s laws;
- Technical measures to prevent access to data by national authorities; and,
- Additional assurances by the importer.
The draft recommendations are open for public consultation until November 30. We assume that the final version would be similar to the draft recommendations.
Data importers, i.e., in some cases, your company facing its clients, and additionally – vendors in their relations with your company, would need to assess their ability to follow the new onerous rules.
Further details about the European Essential Guarantees are available in a separate set of recommendations of the EDPB.
Alongside the STTs, the EDPB recommends additional measures, e.g., adoption of standards and best practices, data minimization methods, accountability measures, internal policies and technical measures.