The second task force will handle and review complaints received by European Economic Area (EEA) Data Protection Authorities (DPAs).3 Each member state of the EEA has a DPA, which are independent public authorities that supervise the application of the General Data Protection Regulation (GDPR). As of the date of the announcement, 101 identical complaints had been lodged with EEA DPAs against several controllers in EEA member states regarding the controllers’ use of Facebook and Google services involving the transfer of personal data.4 The complaints were also brought against Google and Facebook in the U.S. for continuing to accept data transfers.5 The complainants are all represented by Schrems’ organization. Schrems asserts that EEA and U.S. organizations ignored the Schrems II decision by continuing to transfer data through the use of SCCs.
Although fraught with challenges, these developments suggest that governing entities are invested in finding a way to continue cross-Atlantic business activity and the inevitable data transfers that accompany such activity.
Receive firm communications, legal news and industry alerts delivered to your inbox.
Subscribe Now