The Court of Justice of the European Union recently held in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Schrems II) that standard contractual clauses are valid in principle as an appropriate safeguard for exporting personal data from the EU but that their effectiveness must be verified on a case-by-case basis to determine whether the law of the data importer’s jurisdiction can ensure adequate protection. Where contracting parties have not made such a determination, the European Union’s data protection authorities are required to intervene.
In their roles as arbiters of standard contractual clauses’ validity, data protection authorities have started to outline their positions, including on their effectiveness for data transfers to the United States. We have compiled summaries of those positions, which range from very strict (openly stating that transfers to the U.S. are unlawful) to strict (warning about risks of non-compliance) and measured (considering implications).
Our compilation summarizing the data protection authorities' reactions to Schrems II is available here (maintained).
For additional coverage of the Schrems II judgement, read our recent blog post, here.
Elizabeth Campion, a paralegal in our London office, contributed to this entry.
Authored by Eduardo Ustaran, Henrik Hanssen, Laur Badin, and Julian Flamant.
Are you sure want to delete comment ?
Scan this QR Code to share this content
