IRSG Response – EDPB Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR

Published 15 Feb 2022

In response to legal uncertainty, the EDPB guidelines aim to clarify the interplay between Article 3 and the provisions of the GDPR on international transfers in Chapter V, in order to assist controllers and processors in the EU in identifying whether a processing activity constitutes a transfer to a third country or to an international organisation and, as a result, whether they have to comply with the provisions of Chapter V of the GDPR. To assist with this, the Guidelines provide a set of criteria that qualify a processing as a transfer, alongside examples of specific processing.

In responding, our aim is to:

1. Welcome the content and timing of new Guidelines, in particular following the open legal questions and uncertainty post-Schrems II.
2. Welcome the EDPB's clarification of the meaning of transfer for the purposes of Chapter V of the GDPR which will help to resolve a well-known open legal question. 
3. Request further clarification on the interplay of certain sections of the guidelines, and the insertion of additional examples relevant to financial services firms doing cross-border business.
4. Ask the EDPB to reconsider its position that a restricted international transfer occurs if a controller or  processor in the EU, which sends data to a controller without an EU establishment but subject to the GDPR constitutes a restricted international transfer.