The Data Protection Authority of Rhineland-Palatinate, Germany has issued FAQs on Schrems II, weighing in on the EU-U.S. Privacy Shield and Standard Contractual Clauses. The guidance comes on the heels of FAQs issued recently by Baden-Wuerttemberg’s DPA.

Here’s what the Rhineland-Palatinate authority says about EU-U.S. Privacy Shield:

Privacy Shield

  • The EU-U.S. Privacy Shield can no longer be used as a transfer instrument.
  • Data transfers on this basis are illegal. Those responsible must immediately switch to other transfer instruments from Chapter V of the General Data Protection Regulation (GDPR).
  • If no other transfer instruments are available and no exception under Art. 49 GDPR can be invoked, the person responsible must suspend the data transfer.
  • Data that had already been transmitted must be reclaimed or destroyed.

Full details in this client alert.