U.S. Department of Commerce ('DoC') Deputy Assistant Secretary James Sullivan issued, on 28 September 2020, a statement and a white paper to assist organisations following the decision of the Court of Justice of the European Union ('CJEU') in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (Case C-311/18) ('the Schrems II Case'). In particular, the Deputy Assistant outlined that the extensive US legal framework for foreign intelligence collection provides clearer limits, stronger safeguards, and more rigorous independent oversight than most other countries. In addition, the Deputy Assistant noted that, while the white paper is not intended to provide substantive guidance on EU law, its aim is, however, to aid organisations in making their case that they should be able to send personal data to the US using EU-approved transfer mechanisms.

Specifically, the white paper provides an overview of the privacy safeguards in current US law in relation to intelligence agencies' access to data relevant to the judgment in Schrems II, aiming to assist companies who wish to continue using Standard Contractual Clauses ('SCCs') as a means of transferring data to the US. Moreover, the white paper considers scenarios such as where companies transfer personal data involving ordinary commercial information that is of no interest to US intelligence agencies and which will, as such, not present the data protection risks that concerned the CJEU in Schrems II. Furthermore, the white paper discusses the possibility that companies who have received disclosure orders from US intelligence agencies may rely on the public interest derogation under Article 49 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') as a basis for continued transfers of data from the EU.

You can read the statement here and the white paper here.