The cross-border data transfer, a key component of data processing for so many international businesses and global organizations, just can’t seem to catch a break. New challenges to the validity of standard corporate contracts (SCCs) and continued questions around the adequacy of the Privacy Shield continue to dog organizations that lean heavily on cross-border data transfers in their operations.
Given the differing cultural, governmental, and commercial perspectives on the handling of personal data and data protection rights of individuals, it should be no surprise that cross-border challenges carry some seriously contentious baggage. The convoluted data protection regulatory landscape across European member states was one major contributing factor not only behind the conception and development of the General Data Protection Regulation (GDPR) itself, but also the fair amount of digital ink spilled in creating Articles 46-49 (and their myriad recitals and comments), which deal specifically with cross-border transfers, and their means, mechanisms and derogations (exceptions) for compliance.
