In light of the Schrems II case, before a business can use the Standard Contractual Clauses (SCCs) to transfer personal information from the EU to the USA, the business must determine whether US law concerning government access to data provides privacy protections meeting EU legal standards.
To assist businesses with making this determination, the US government through the Department of Commerce, the Department of Justice, and the Office of the Director of National Intelligence released on September 28, 2020 a white paper to provide observations on US law and practice.
Three key points were:
Most businesses do not deal with data that is of any interest to US intelligence agencies.
The US government shares intelligence information with EU Member States which serves important EU public interests.
Many privacy protections under US law concerning government access to data for national security purposes were not discussed in the Schrems II case.
This white paper is required reading for any business that will use the SCCs to transfer data from the EU to the USA.
Photo by Guillaume Meurice from Pexels