The European Court of Justice recently published plans to issue its much awaited decision in CJEU case C-311/18 on July 16. The ruling will impact how organizations lawfully transfer personal data from the EEA to jurisdictions not providing an “adequate” level of data protection in accordance with the GDPR. The ruling will specifically address the validity of the European Commission’s standard contractual clauses and it may also affect operation of the EU-US Privacy Shield. On May 18, the European Data Protection Board published a report on its 2019 activities that may signal whether it plans to influence further development of this area.
The German data protection authorities on September 26, 2011 adopted an “Orientation guide – cloud computing.” The guide sets out mandatory and recommended content for any agreement between German users of cloud computing services and cloud computing serving providers. It highlights the customer’s responsibility for full compliance with German data protection requirements for the cloud. Based on this orientation guide, customers and providers will have to review existing agreements in the German market.