Information Commissioner's Office
Updated ICO statement on recommendations published by the European Data Protection Board following the Schrems II case
Statement by an ICO spokesperson on recommendations published by the European Data Protection Board following the Schrems II case
“We are reviewing the two recommendations published by the European Data Protection Board (EDPB) following the CJEU Schrems II ruling in July. The judgment confirmed how EU standards of data protection must travel with personal data when it goes overseas.
“The first recommendation updates the European Essential Guarantee for surveillance measures.
“The second has been published for public consultation and looks at the extra measures organisations may take to support the international transfer of data to meet EU standards, and is out for public consultation.
“This recommendation follows previous EDPB guidance stating that organisations must conduct a risk assessment as to whether a transfer tool, such as Standard Contractual Clauses (SCCs), provides enough protection within the legal framework of the destination country. If not, organisations must put extra measures in place to mitigate the risks.
“The Schrems II judgment said that supervisory authorities have an important role to play in the oversight of international transfers. As part of this role we are reviewing the recommendations and will consider whether we need to publish our own guidance in due course.
“We are also reviewing the European Commission’s new GDPR SCCs currently under consultation.
“We reiterate our advice that organisations should take stock of the international transfers they make, and update their practices as guidance and advice become available.
“We continue to apply a risk-based and proportionate approach to our oversight of international transfers in accordance with our Regulatory Action Policy.”
Latest News from
Information Commissioner's Office
Hospitals urged to improve data protection standards following incident at NHS Fife29/11/2023 09:10:00
The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Fife, after an unauthorised person was able to enter a ward and access the personal information of 14 patients.
Statement on Court of Appeal judgment on Freedom of Information Act appeal24/11/2023 09:20:00
The Court of Appeal has ruled against the Information Commissioner’s Office (ICO) in a Freedom of Information Act 2000 appeal regarding the ability to aggregate public interest factors for and against disclosure when applying exemptions under the Act.
Statement regarding the outcome of the Independent External Review of Lancashire Police’s handling of the Nicola Bulley case21/11/2023 12:25:00
Statement regarding the outcome of the Independent External Review of Lancashire Police’s handling of the Nicola Bulley case.
Information Commissioner seeks permission to appeal Clearview AI Inc ruling20/11/2023 12:25:00
The UK Information Commissioner is seeking permission to appeal the judgment of the First Tier Tribunal (Information Rights) (Tribunal) on Clearview AI Inc (Clearview).
Former NHS secretary found guilty of illegally accessing medical records17/11/2023 12:25:00
A former NHS employee has been found guilty and fined for illegally accessing the medical records of over 150 people.
What to consider when using online forms to receive information requests16/11/2023 11:10:00
Are you using online forms to receive information requests?
‘Be smarter than your smart tech’ – ICO issues top tips for consumers buying smart devices on Black Friday16/11/2023 10:10:00
The Information Commissioner’s Office (ICO) has shared its top tips to support consumers shopping smart tech this Black Friday.
Assessing data protection practices of UK tracing agents14/11/2023 12:25:00
Blog posted by: Anthony Luhman, ICO Director of PACE Projects and Interim Director of Investigations, 14 November 2023.
ICO and European Data Protection Supervisor (EDPS) sign Memorandum of Understanding09/11/2023 12:25:00
The UK Information Commissioner’s Office (ICO) and the European Data Protection Supervisor (EDPS) have signed a Memorandum of Understanding (MoU), which reinforces their common mission to uphold individuals’ data protection and privacy rights, and cooperate internationally to achieve this goal.