August 18, 2020

On 16 July 2020 the Court of Justice of the EU (CJEU) issued its judgment in the case of Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (Schrems II).[1] The CJEU ruled that the EU-US Privacy Shield was invalid and threw the use of standard contractual clauses (SCCs) into question. For an analysis of the immediate impact of this judgment please see our alert here.

Schrems II reiterated the CJEU’s view that EU residents’ data privacy rights are incompatible with the United States’ approach to data privacy in the context of national security. Accordingly, the European Union, and possibly the United Kingdom, will need to change its approach to international personal data transfers (IPDTs) to the United States.

In this article we shall examine some of the critical questions that arise following the judgment, including how the incompatibility between the European Union and United States arises, what this means, and offer some brief thoughts about how this might impact the European Union’s approach to other countries and the United Kingdom’s adequacy decision.

To read the full alert, please click here