Standard Contractual Clauses (SCCs), as established by the European Commission, have long been used to safeguard personal data transferred outside the European Union (EU). But the companies that typically use SCCs need to be aware that they no longer provide the solid data transfer mechanism that they used to. As supervisory authorities are explicitly defined, there will be closer scrutiny of supervisory authorities in this area. Moreover, the EU will have to issue a new version of the SCCs that adapts to the GDPR and will need to determine how the new versions will operate alongside the existing ones. These trends, together with the doubts cast over the validity of the Privacy Shield, may yet be a recipe for some troubling times ahead in the field of transatlantic data transfers.
