EDPS issues Strategy for EU institutions to comply with Schrems II ruling

The European Data Protection Supervisor (EDPS) has issued a strategic document aiming to monitor compliance of European institutions and agencies (EUIs) with the “Schrems II” ruling of the Cour of Justice of the European Union (CJEU) in relation to transfers of personal data to third countries, and in particular, the United States. The strategy builds on the cooperation and accountability of controllers to assess whether the essentially equivalent standard of protection, based on the Court’s ruling, is guaranteed when transfers of personal data are made towards third countries. The EDPS has developed an action plan to streamline compliance and enforcement measures, distinguishing between short-term and medium-term compliance actions.  According to Euractiv, the EDPS strategy can be interpreted as part of a response to reports that the European Parliament’s coronavirus test management website was overrun with user tracking requests, sending personal data to US-based companies.