Schrems II: Statement on international data transfer

Schrems II

What the new CJEU AG statement means for international data transfer

On Thursday, the Advocate General of the Court of Justice of the European Union (CJEU) published his opinion on data transfer in the so-called "Schrems II" case.


Why are international data transfers important?

The transfer of data between the EU and the USA is more at stake than ever. The European GA doubts the validity of the Privacy Shield. It proposes, and the EU generally follows these proposals, to decide that the standard contractual clauses are generally valid, but that if a data importer is unable to provide the guarantees given by signing the model clauses, the importer is contractually obliged to notify the exporter of the data so that the data transfer is stopped and the data subjects are notified. This is particularly the case if national security regulations prevent an adequate level of data protection and make it impossible to provide the guarantees that the data importer has undertaken to provide. This applies to importers such as Microsoft, Amazon, Google, Facebook, ... who must comply with the Foreign Intelligence Surveillance Act (FISA).

The GA indicated that the CJEU does not have to rule on the Privacy Shield in the context of this decision, but nevertheless set out his view in the event that the court should also rule on the Privacy Shield. It made it quite clear that the Privacy Shield, like the Safe Harbor certification, is still more of a marketing label than providing the protections required by the EU courts in the Safe Harbor decision, and that it would propose to invalidate the Privacy Shield again.
Share this post :