- The free flow of data between the EU and third countries is crucial for European game developer studios.
- The EDPB should focus on security measures instead of regional data access limitations.
- The EDPB Recommendation document should take a more risk-based approach
- European SMEs rarely have sufficient resources to case-by-case map and analyse laws and practices undermining their users’ privacy globally.
- In order to bring legal certainty on international data transfers, EDPB must also publish country-specific recommendations.
- The Recommendations should provide solutions that would qualify as supplementary measures for the use of central systems and services in global organisations.
- The Recommendations should define a grace period, aligned with the one offered for Standard Contractual Clauses.
The full position paper can be downloaded from here: http://www.egdf.eu/wp-content/uploads/2020/12/202012-EGDF-response-on-the-EDPB-Recommendations-01_2020-on-measures-that-supplement-transfer-tools-to-ensure-compliance-with-the-EU-level-of-protection-of-personal-data.pdf
The broader EGDF approach on privacy and data protection can be accessed here: http://www.egdf.eu/documentation/7-balanced-protection-of-vulnerable-players/privacy-and-data-protection/