“It is unknown what the new [Standard Contractual Clauses] will say on ‘Schrems II’ … It would be surprising if the new SCCs did not address the CJEU decision, but it may be overly optimistic to think that they will provide the much-needed certainty that privacy professionals are looking for. The additions are likely to be reasonably high level and generic and unlikely to replace the case-by-case assessment that the ‘Schrems II’ decision seems to require from controllers that want to transfer EU personal data to destinations outside the EU,” – writes Henriette Tielemans for the IAPP – International Association of Privacy Professionals.
“The most probable scenario for the additions to the SCCs is that the revised SCCs will contain an additional representation from the data exporter that it has verified — and is satisfied — that the law of the third country of destination ensures adequate protection under EU law for the transferred data and that the level of protection required by EU law is respected in the country of destination. There also may be an additional requirement…to assist the data exporter with making this determination. ”