Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

The impact of Schrems II on Canada: No more onward transfer on the basis of the EU-US Privacy Shield

By Chantal Bernier
July 17, 2020
  • Cybersecurity
  • Privacy Rights
Share on Facebook Share on Twitter Share via email Share on LinkedIn

On July 16, 2020, the Court of Justice of the European Union (CJEU) delivered its decision in the case known as “Schrems II”. The decision recognizes the validity of Standard Contractual Clauses (SCCs) to transfer personal data outside of the European Union (EU), but invalidates the transfer of personal data from the EU to the US under the EU-US Privacy Shield.

These are the implications for Canadian companies under the Personal Information Protection and Electronic Documents Act (PIPEDA):

  • All transfers of personal data from the EU and the European Economic Area (EEA) to the US under the EU-US Privacy Shield or SCCs must be reassessed.
  • All such transfers on the basis of the EU-US Privacy Shield must be replaced by another legal basis for transfer, such as the SCCs, between organizations, Binding Corporate Rules, among the affiliates of one organization, or individual consent.
  • Storage in Canada, under the adequacy status, or in the EU, therefore avoiding transfer, should be considered.
  • The legal regime in the countries of destination, even under SCCs, must be taken into account to ensure that local laws, for example surveillance laws, do not prevent compliance with the SCCs.

Twelve countries (full list here) can receive personal data from the EEA without SCCs between organizations or express consent from the individual. Under adequacy, the cross-border transfer of personal data is generally authorized.

While companies under PIPEDA can receive personal data from the EU without further authorization, they widely use SCCs or the EU-US Privacy Shield for onward transfer to the US, or as business partners will require for greater legal certainty.

For more information, please read the complete article.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Chantal Bernier

About Chantal Bernier

Chantal Bernier leads Dentons’ Canadian Privacy and Cybersecurity practice group. She is also a member of the Firm’s Government Affairs and Public Policy group. Chantal advises leading-edge national and international companies as they expand into Canada and Europe, enter the e-commerce space, adopt data analytics and roll out data-based market initiatives. Her clients include ad tech companies, financial institutions, biotech companies, data analytics firms and government institutions.

All posts Full bio

RELATED POSTS

  • Data Transfers
  • Europe
  • New and Proposed Laws
  • Privacy Rights

Data processors under the GDPR

By Marc Elshof
  • Privacy Rights

Russia’s new data law

By Nick Graham
  • Privacy Rights

It’s Friday 13th! Time to consider the cost of getting privacy wrong

Today is Friday 13th; so timely to consider the news stories this week saying that Google will soon be fronting up to […]

By Simon Elliott

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site