Berlin: Berlin Commissioner issues statement on Schrems II case, asks controllers to stop data transfers to the US
The Berlin data protection authority ('Berlin Commissioner') issued, on 17 July 2020, a statement on the Court Justice of the European Union's ('CJEU') judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('the Schrems II Case'). In particular, the Berlin Commissioner called for data controllers based in Berlin storing personal data in the US to transfer the same to Europe. In this regard, the Berlin Commissioner highlighted that, following the judgment, data should not be transferred to the US until that legal framework is reformed. In addition, with regards to Standard Contractual Clauses ('SCCs'), the Berlin Commission highlighted that, pursuant to the judgment, European data exporters and data importers in third countries are obliged to check before the first data transfer whether the third country has state access to the data that goes beyond what is permitted under European law and that, if such access rights exist, SCCs cannot justify the data transfer to such third country. Moreover, the Berlin Commissioner requested all data controllers to observe and comply with the CJEU's judgment. In practice, the Berlin Commissioner provided that data controllers transferring data to the US, especially when using cloud service providers, are now required to use service providers based in the EU or in a country with an adequate level of protection.
You can read the press release, only available in German, here.