On 16 July 2020 the Court of Justice of the European Union (CJEU) handed down judgment in case C-311/18 ("Facebook Ireland and Schrems").
This ruling was highly anticipated, and crucially dealt with the validity of both the "Privacy Shield" arrangement between the EU and the US, and the "standard contractual clauses" or "SCCs", under which personal data can also be transferred to countries outside the European Economic Area. SCCs in particular are a fundamentally important mechanism for many companies who trade across global borders.
The Ireland Data Protection Commissioner (having received complaints from Schrems) asked the Court to rule on whether access to such data by US security agencies meant that such agreements were illegal under EU law. The CJEU’s response was to strike down the Privacy Shield on the grounds that US laws do not provide a sufficiently high level of protection of personal data. Although the Court said that the SCCs remain valid in principle, an important aspect of the case is that it raises serious questions as to whether, in practice, the SCCs can be relied upon when transferring personal data to the US.
Partner Adam Rose, described this as “a hugely significant decision” by the EU courts, saying it could shape the future of global trade.
Adam said; “There must now be serious questions as to whether any transfers to the US can be valid.”
Read the full article here.