Aftermath of Schrems II decision in France: The French Council of State provides significant clarification on the U.S. based data host to provide services in the French health care sector

On March 12, 2021, the French Council of State (Conseil d’Etat), the highest French administrative court, handed down a ruling (ordonnance des référés) allowing Doctolib, a company in charge of booking COVID-19 vaccination appointments, to rely on a U.S.-based health data host. In the present case, the servers of Doctolib – whose platform had been … Continue Reading

The European Data Protection Board releases recommendations on supplementary measures following the Schrems II decision

By Cynthia O’Donoghue and Sarah O'Brien on 18 November 2020 Posted in Privacy & Data Protection

On 11 November 2020, the European Data Protection Board (EDPB) released recommendations on supplementary measures for international transfers (here) and recommendations on the European Essential Guarantees for surveillance measures (here), following the Schrems II decision (see our previous blog here). As a result of the Schrems II decision, data exporters who use certain transfer mechanisms as an appropriate … Continue Reading

First official guidance on international data transfers post Schrems II – German data protection authority publishes checklist and action items on international data transfers

By Dr. Andreas Splittgerber and Arne Senger on 7 October 2020 Posted in Global Data Transfers, Regulatory

The German data protection authority of the federal state of Baden-Württemberg (LfDI BW) has issued detailed guidance (Guidance) on international data transfers this August and September. This is the first official guidance by a data protection authority following the decision of the Court of Justice of the European Union (CJEU) in the Schrems II case … Continue Reading