BRUSSELS — Today, global tech trade association ITI issued the following statement in reaction to the European Data Protection Board (EDPB) recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data following the Court of Justice of the European Union (CJEU) Schrems II ruling:

While we are still analyzing the details of today’s publication, we welcome the European Data Protection Board’s decision to adopt a risk-based approach and consider documented practical experience for international data transfers, said John Miller, ITI Senior Vice President and General Counsel. “By aligning with the guidance issued by the European Commission’s Standard Contract Clauses issued earlier this month, the EDPB will help give companies more certainty for data transfers across the Atlantic. Additionally, we support the changes to reflect the practical use of encryption technology as an adequate safeguard but recommend further consideration of the use cases where the EDPB was unable to identify any technical measures sufficient to support international data transfers. Finally, we continue to respectfully urge U.S. and EU leaders to reach an enhanced EU-U.S. Privacy Shield agreement soon, which is essential to maintaining transatlantic data flows that underpin virtually every economic sector conducting transatlantic business.”

Earlier this month, ITI welcomed the adoption of standard contract clauses (SCCs). In December, ITI submitted comments to the European Commission’s updated SCCs for transferring personal data to non-EU countries and comments to the European Data Protection Board on the draft recommendations on supplementary measures.

Related [Trade & Investment, Data & Privacy]