The Data Protection Authority of Rhineland-Palatinate, Germany has issued FAQs on Schrems II, weighing in on the EU-U.S. Privacy Shield and Standard Contractual Clauses. The guidance comes on the heels of FAQs issued recently by Baden-Wuerttemberg’s DPA.
Here’s what the Rhineland-Palatinate authority says about EU-U.S. Privacy Shield:
- The EU-U.S. Privacy Shield can no longer be used as a transfer instrument.
- Data transfers on this basis are illegal. Those responsible must immediately switch to other transfer instruments from Chapter V of the General Data Protection Regulation (GDPR).
- If no other transfer instruments are available and no exception under Art. 49 GDPR can be invoked, the person responsible must suspend the data transfer.
- Data that had already been transmitted must be reclaimed or destroyed.