Go to content
${facet.Name} (${facet.TotalResults})
${item.Icon}
${ item.Overline }
${ item.Title }
${ item.Date } | ${ item.Authors }
${ item.PhoneNumber } ${ item.Email }
${ item.ShortDescription }
${ item.SearchLabel?.ViewModel?.Label }
See all results
${facet.Name} (${facet.TotalResults})
${item.Icon}
${ item.Overline }
${ item.Title }
${ item.Date } | ${ item.Authors }
${ item.PhoneNumber } ${ item.Email }
${ item.ShortDescription }
${ item.SearchLabel?.ViewModel?.Label }
See all results
  1. Home
  2. Our Blogs
  3. Regulatory
  4. EDPB adopts recommendations on European Essential Guarantees following Schrems II

EDPB adopts recommendations on European Essential Guarantees following Schrems II

11 Nov 2020
|

On 11 November 2020, the European Data Protection Board (EDPB) during its 41st plenary session, adopted recommendations on measures that supplement transfer tools to ensure compliance with the level of protection of personal data required under EU law (Recommendations on Supplementary Measures), as well as recommendations on the European Essential Guarantees for surveillance measures (Recommendations on Essential Guarantees).

This post discusses the Recommendation on Essential Guarantees – you can find our post on the Recommendations on Supplementary Measures here.

Both documents were adopted following the “Schrems II” ruling handed down by the Court of Justice of the European Union (CJEU) on July 16th. As a result of that ruling, controllers relying on Standard Contractual Clauses are required to verify, on a case-by-case basis and, where appropriate, in collaboration with the recipient of the data in the third country, if the law of the third country ensures a level of protection of the personal data transferred that is essentially equivalent to that guaranteed in the European Economic Area.

The Recommendations on Essential Guarantees provide data exporters with elements to determine if the legal framework governing public authorities’ access to data for surveillance purposes in third countries can be regarded as a justifiable interference with the rights to privacy and the protection of personal data, and therefore as not impinging on the commitments of the Article 46 GDPR transfer tool the data exporter and importer rely on.

The EDPB considers that the applicable legal requirements to make the limitations to the data protection and privacy rights recognised by the Charter justifiable can be summarised in four European Essential Guarantees:

  1. Processing should be based on clear, precise and accessible rules
  2. Necessity and proportionality with regard to the legitimate objectives pursued need to be demonstrated
  3. An independent oversight mechanism should exist
  4. Effective remedies need to be available to the individual

Data exporters will need to evaluate their data processing operations and transfers and take effective measures bearing in mind the legal order of the third countries to which they transfer or intend to transfer data.

The EDPB underlines that the European Essential Guarantees are based on the fundamental rights that apply to everyone, irrespective of their nationality. The Recommendations on Essential Guarantees are complementary to the Recommendations on Supplementary Measures.

The EDPB’s press release can be found here.

The Recommendations on Essential Guarantees can be found here.

Our post on the Recommendations on Supplementary Measures can be found here.

Our post on the CJEU’s “Schrems II” ruling can be found here.

Authors

Elina Mantrali Harneys front portrait image on a grey background
Elina Mantrali
Counsel | Cyprus