France: CNIL guidance and methodology for assessing third-country data transfers after Schrems II

Progress

Current status

adopted

23 Jun 2021 adopted

Scope

Implementers

France

Policy Area

Data governance

Policy Instrument

Cross-border data transfer regulation

Regulated Economic Activity

cross-cutting

Government Branch

executive

Government Body

data protection authority

Implementation Level

national

Timeline of events

23 Jun 2021

adopted

Proposed methodology for assessing third-country data transfers

The proposed methodology for assessing third-country data transfers is adopted by the French data protection authority ('CNIL'). The proposed methodology aims to help data controllers identify and process transfers of personal data outside the EU. T…

Source

Event type outline

Action type adoption

Government branch executive

Government body data protection authority

23 Jun 2021

adopted

Adopted guidance on the consequences of the Schrems II judgment

The CNIL adopts a guidance that outlines the consequences of the CJEU Schrems II judgment, specifically the legality of certain transfers of personal data outside of the European Union, especially to the United States. The CNIL recommends, complemen…

Source

Event type outline

Action type adoption

Government branch executive

Government body data protection authority

Progress

Scope

Timeline of events

Proposed methodology for assessing third-country data transfers

Adopted guidance on the consequences of the Schrems II judgment

Related changes