The German state-level data protection authority for Bavaria (BDPA) recently issued a decision stating that the transfer of personal data to the US-based email marketing platform Mailchimp, by a company (which has not been officially named), was unlawful.
Ultimately, the BDPA declined to take formal enforcement action because the company stopped using Mailchimp in response to the complaint. Despite the lack of formal enforcement action, this decision by the BDPA is an important development highlighting the continuing repercussions of the Court of Justice of the EU’s (CJEU) ruling in Schrems II for international data transfers out of the European Union. For detail about Schrems II please see our client alert, available here.
To read the full article, please click here.