Examice

Exam CIPP-US All QuestionsBrowse all questions from this exam

Question 193

As a result of the Schrems II decision and CJEU opinion, what would the preferred course of action be if a Section 702 disclosure related to a foreign entity is required?

Ensure that the most recent SCC from the European Commission is being executed as a valid method of adequacy.

Provide 30 days notice to affected parties to allow the opportunity for filing a motion to quash with the court.

Seek redress from the court pursuing a protective order, since the consumer is unable to file a motion to quash.

Seek the advice of outside counsel and conduct a transfer impact assessment.

Correct Answer: A

The preferred course of action after the Schrems II decision and CJEU opinion would be to ensure that the most recent Standard Contractual Clauses (SCC) from the European Commission are being executed as a valid method of demonstrating adequacy. This is because the CJEU upheld the validity of SCCs as a means of transferring personal data to third countries, provided that proper safeguards are in place to ensure the protection of the data in compliance with EU law.

Discussion

BhimeshOption: D

D is the superlative option out of A,B,C... Seek the advice of outside counsel and conduct a transfer impact assessment. D. Seek the advice of outside counsel and conduct a transfer impact assessment.

Bhimesh

The CJEU determined that U.S. surveillance for foreign intelligence purposes does not provide protections necessary under EU law for the transfer of personal data from the EU to the United States. In Schrems II, the CJEU cited Section 702’s limitations on judicial remedies for EU citizens as falling short of the GDPR’s requirements. The CJEU reasoned that FISA 702, allow U.S. intelligence agencies to collect more information than is strictly necessary to fulfill their missions and do not provide EU citizens with sufficient avenues for judicial redress of alleged infringements of privacy

Bhimesh

While the CJEU struck down Privacy Shield on the grounds that U.S. surveillance law is overly permissive, the court did not close the door altogether on data transfers from the EU to the United States. Rather, Schrems II preserved the validity of Standard Contractual Clauses (SCCs)—a separate mechanism under EU law for international data transfers—provided that DATA EXPORTERS take “supplementary measures” where necessary to ensure compliance with the level of protection required under EU law

Romeokton

Very strange question that I am not sure of which is the correct option - all seem wrong. I wish someone had explained it.