Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

EU Parliament adopts Resolution on data transfers following Schrems II Ruling

EU Parliament Resolution on data transfers banner

Published May 25, 2021

On 20 May 2021, the European Parliament adopted, with 541 in favour, 1 against and 151 abstaining, a resolution on data transfers following Schrems II Ruling. In this Resolution, the members of the European Parliament (MEPs) urge the European Commission to issue guidelines on making data transfers compliant in line with the recent CJEU judgments and EDPB’s opinions. Some of the key aspects of the Resolution are as follows:

Irish DPC failed to effectively enforce GDPR: MEPs express disappointment with the Irish Data Protection Commission that it brought proceedings against Maximilian Schrems and Facebook at the Irish High Court, instead of independently triggering enforcement procedures based on GDPR rules. The EU Parliament calls on the Commission to launch infringement procedures against Ireland for failing to effectively enforce the GDPR.
Lack of prioritization of international data transfers by national supervisory authorities: MEPs express concerns at the lack of prioritization by national supervisory authorities with regard to personal data transfers to third countries and urge the EDPB and national supervisory authorities to include international data transfers as part of their audits and compliance activities.
SCCs are welcomed: MEPs welcome the EDPB’s recommendations for data transfers and a Joint Opinion with the EDPS on the issue for safeguards related to third-country data transfers. MEPs further support the creation of a toolbox of supplementary measures to choose from, e.g. security and data protection certification, encryption safeguards, and pseudonymisation, that are accepted by regulators and publicly available resources on the relevant legislation of the EU’s main trading partners.
Guidance for the use of SCCs is required for SMEs: MEPs urge the Commission and EDPB to publish further guidance on international data transfers and the practical use of reliable supplementary measures, especially for SMEs.
US surveillance laws need to be reformed: There is a need for a reform of US surveillance laws to ensure that access of US security authorities to data transferred from the EU is limited to what is necessary and proportionate and that European data subjects have access to effective judicial redress before US courts. This is because SCCs are not possible for data controllers that fall within the scope of the US Foreign Intelligence Surveillance Act (FISA) due to the high risk of mass surveillance. MEPs note that no contract between companies can protect from indiscriminate access by intelligence authorities to the content of electronic communications nor can any contract provide sufficient legal remedies against mass surveillance.
CCPA does not provide an essentially equivalent level of protection: Neither CCPA nor any of the federal proposals so far meets the requirements of the GDPR for an adequacy finding. Therefore, MEPs strongly encourage the US legislature to enact legislation that meets those requirements in order to provide an essentially equivalent level of protection to that currently guaranteed in the EU.
Mass surveillance in the US and other countries needs attention: MEPs encourage the Commission to proactively monitor the use of mass surveillance technologies in the US and other third countries that could be the subject of an adequacy decision such as the UK and urge the Commission to not adopt adequacy decisions concerning countries where mass surveillance laws do not fulfill the criteria of the CJEU.
Cloud providers falling under section 702 FISA need attention: MEPs call on the Commission to analyze the situation of cloud providers falling under section 702 of FISA who transfer data using SCCs and analyze the effect on the rights granted under the EU-US Umbrella Agreement. MEPs find unacceptable that the Commission has still not published its findings of the first joint review of the Umbrella Agreement, even a year after the deadline and calls on the Commission, if necessary, to without delay bring the agreement in line with the CJEU judgments.
Commission has not suspended the privacy shield: MEPs regret that the Commission has ignored Parliament’s calls to suspend the Privacy Shield until the US authorities comply with its terms.
No self-certification in the future: Any future adequacy decision by the Commission should not rely on a system of self-certification as was the case with both Safe Harbour and the Privacy Shield. The Resolution emphasizes that the Commission should not conclude new adequacy decisions with third countries without taking into account the implications of EU court rulings and ensuring full GDPR compliance