A (Slight) Light at the End of the Schrems II Tunnel: EDPS on the Explicit Consent Derogation

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US concerning subscriptions to its newsletter.

Key points:

Cry and Pray (and try to not transfer):

The EDPS has requested EU institutions (EUIs) take a strong precautionary approach concerning new processing operations carried out with appropriate safeguards and appropriate supplementary measures. The EDPS strongly encourages EUIs to ensure that any new processing operations or new contracts with any service provides does not involve transfers of personal data to the US. ENISA uses an EU based processor and US sub-processors. ENISA should primarily assess with the processor the availability of alternative newsletter solutions not involving the transfer of personal data to sub-processors in the US. (Failing that) ENISA should instruct is processor re: the legality of transfers and the processor should comply with the provisions of Chapter V (re cross border

Read more

Explore the site

More from the blog

Latest News