The history of transatlantic data flows twists and turns with shifting regulations and legal pronouncements. From the sunken hopes of Safe Harbor to the EU Court of Justice’s (CJEU) pronouncements in Schrems I and Schrems II, EU businesses have sought reliable pathways for data being processed in the United States.
Today, the EU-US Data Protection Framework offers a new course, but responsible practices and reliable routes like the Standard Contractual Clauses (SCCs) remain available to Main Sequence Technology’s customers in the European Union.
In its heyday, Safe Harbor was based on self-declared compliance. However, in 2015, the CJEU’s landmark Schrems I ruling effectively ended Safe Harbor as a viable path. The ruling expressed the court’s findings of inadequate US oversight and vulnerabilities in data access by US intelligence agencies, sending a shock through the data transfer landscape.
Privacy Shield, erected in response, attempted to correct course, but the CJEU’s 2020 Schrems II decision likewise foundered Privacy Shield, citing persistent concerns about US government surveillance programs. These rulings left EU businesses navigating transatlantic data flows in substantial uncertainty.
Throughout these developments, Standard Contractual Clauses (SCCs) have served as reliable tools to establish per se data protection adequacy, offering EU Executive pre-approved agreements that describe responsible data handling practices and define each party’s role in complying with legal requirements. At Main Sequence, we recognize the critical importance of legal compliance and per se adequacy for our EU Customers.
Following the CJEU’s judgments in Schrems I and Schrems II, the need for a durable framework governing data transfers between the EU and US became clear. From July 2023, The EU-US Data Protection Framework addresses this challenge by establishing enhanced safeguards for EU citizens’ personal data when processed in the US. Key elements of the new framework include:
Main Sequence have approached this challenge by adopting industry-recognized best practices, continuously offering the SCCs, and participating in the available frameworks as they have evolved, but our commitment extends beyond basic compliance with available frameworks.
We regularly and realistically assess risks, invest in ongoing training, and conduct evaluations of our vendors and third-party audits of our own controls. By responding with agility to the regulatory landscape and employing a multi-layered approach to data security and availability, we seek to position Main Sequence as a trusted partner for organizations navigating the complexities of transatlantic data transfers.
Accordingly, Main Sequence is pleased to announce that as of January 2024, we have certified to the Data Protection Framework. We will continue to offer the SCC’s, but now our customers can be comfortable that their PCRecruiter accounts are managed in a per se adequate way for EU data protection requirements.
For more information about the DPF and the certification list, please see dataprivacyframework.gov.
To discuss your private recruiting database needs or for further details about EU data compliance, please contact your PCRecruiter representative.
Digital tools for recruiters are rapidly evolving. Used properly, new technology can enhance every aspect of the recruitment process, including sourcing. Automating the extraction of relevant candidate data from social platforms like LinkedIn or job sites like Indeed has become commonplace.Read more
Back in October, Google announced changes to their email handling policies designed to combat spam. These new changes will be fully in place by February 2024. Yahoo/AOL has announced similar policies and others will likely follow suit. While the changes should mostly have a positive effect — reducing the amount of junk and scams that get to inboxes — they could have a negative effect on your recruiting process if you rely heavily on cold email or aren’t using properly configured outgoing email systems.Read more
Find out more about who we and what we do.