In its long awaited judgment in the Schrems II case, the ECJ has this morning invalidated the EU-US Privacy Shield citing the “limitations on the protection of personal data arising from the domestic law of the United States on the access and use by US public authorities” in respect of personal data transferred from the European Union to the United States on the basis that such limitations do not provide the protections ensured under EU law. The ECJ’s concerns centered around certain US surveillance programs which are not limited to what is strictly necessary and EU data subjects not having effective rights of enforcement against US authorities under US laws.
Continue Reading ECJ Invalidates the EU-US Privacy Shield! How Safe is it to Use SCCs for Data Transfers from the EU to the US?
Standard Contractual Clauses
ECJ to Deliver Judgment on the Validity of SCCs on 16th July 2020
The Court of Justice of the European Union (ECJ) has announced that it will deliver its judgment in what has become known as the Schrems II case (Case 311/18 Facebook Ireland and Schrems) on 16th July 2020. The judgment will determine the validity of the Standard Contractual Clauses (or Model Clauses) (SCCs) as a transfer mechanism under the GDPR. This case arose following a complaint from Max Schrems, a lawyer and data privacy campaigner to the Irish Data Protection Commissioner (DPA) about transfers of his personal data from Facebook Ireland to Facebook US using SCCs. Mr. Schrems’s position is that Facebook is violating the EU data protection laws by allowing US intelligence authorities to access his personal data. The DPA issued proceedings in the Irish High Court in relation to the matter, which were stayed in 2018, with various questions raised by the DPC relating to SCC referred to the ECJ for determination.
Continue Reading ECJ to Deliver Judgment on the Validity of SCCs on 16th July 2020