Information Commissioner's Office
Updated ICO statement on recommendations published by the European Data Protection Board following the Schrems II case
Statement by an ICO spokesperson on recommendations published by the European Data Protection Board following the Schrems II case
“We are reviewing the two recommendations published by the European Data Protection Board (EDPB) following the CJEU Schrems II ruling in July. The judgment confirmed how EU standards of data protection must travel with personal data when it goes overseas.
“The first recommendation updates the European Essential Guarantee for surveillance measures.
“The second has been published for public consultation and looks at the extra measures organisations may take to support the international transfer of data to meet EU standards, and is out for public consultation.
“This recommendation follows previous EDPB guidance stating that organisations must conduct a risk assessment as to whether a transfer tool, such as Standard Contractual Clauses (SCCs), provides enough protection within the legal framework of the destination country. If not, organisations must put extra measures in place to mitigate the risks.
“The Schrems II judgment said that supervisory authorities have an important role to play in the oversight of international transfers. As part of this role we are reviewing the recommendations and will consider whether we need to publish our own guidance in due course.
“We are also reviewing the European Commission’s new GDPR SCCs currently under consultation.
“We reiterate our advice that organisations should take stock of the international transfers they make, and update their practices as guidance and advice become available.
“We continue to apply a risk-based and proportionate approach to our oversight of international transfers in accordance with our Regulatory Action Policy.”
Latest News from
Information Commissioner's Office
New guidance on direct marketing and the public sector05/08/2021 09:15:00
The Information Commissioner’s Office (ICO) has published a new resource to help public sector organisations understand when the direct marketing rules will apply to their messages.
Nuisance call blocker company fined £170,000 for making almost 200,000 illegal marketing calls03/08/2021 12:25:00
The Information Commissioner’s Office (ICO) has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493 unsolicited direct marketing calls to customers registered with the Telephone Preference Service (TPS).
ICO’s priorities and impact of our work02/08/2021 12:25:00
The Daily Telegraph recently (31 July 2021) ran a story about the focus of the ICO’s work and the impact that we make.
Blog: Reflecting on the first year of the ‘Explaining decisions made with AI’ guidance02/08/2021 09:10:00
Abigail Hackston, ICO Senior Policy Officer – Innovation looks back on the ICO’s work with organisations who use personal data and artificial intelligence (AI) to support, or to make decisions about individuals.
Blog: Spotlight on the Children’s Code standards - best interests of the child, detrimental use of children’s data and data minimisation28/07/2021 16:15:00
A blog by Michael Murray, ICO’s Head of Regulatory Strategy
Blog: Regulating through a pandemic and beyond28/07/2021 13:20:00
A blog by James Dipple-Johnston, Deputy Commissioner - Chief Regulatory Officer
ICO approves the first UK eIDAS Regulations Qualified Trust Service Provider28/07/2021 09:10:00
The Information Commissioner’s Office has approved GlobalSign as the UK’s first qualified trust service provider [QTSP] under the UK eIDAS Regulations.
ICO's blog on its information rights work26/07/2021 16:20:00
Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.
Blog: New toolkit launched to help organisations using AI to process personal data understand the associated risks and ways of complying with data protection law21/07/2021 09:20:00
Alister Pearson, the ICO’s Senior Policy Officer – Technology introduces a new beta version of our AI and Data Protection Risk Toolkit. He explains how it can assure organisations that use AI to process personal data that they are processing it in line with the law and how organisations can help the ICO shape a final version.