Risk & Compliance monthly highlights - August 2020

Risk & Compliance monthly highlights - August 2020

In this issue:

GDPR & data protection

AML & counter-terrorist financing

Sanctions & export controls

Crime prevention

Health & safety



GDPR & data protection

Schrems II

Information Law analysis: The judgment of the Court of Justice in the case of Facebook Ireland and Schrems (commonly known as Schrems II) has been published. The judgment relates to two key mechanisms used to legitimise transfers to third countries under the General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR). In summary, the Court of Justice has invalidated the EU-US Privacy Shield mechanism and specified that any use of standard contractual clauses (SCCs) must offer an adequate level of protection of personal data in practice (based on a case by case assessment of the circumstances of the transfer). See News Analysis: Privacy Shield invalidated and use of appropriate safeguards (including Standard Contractual Clauses) require case by case assessments (Facebook Ireland and Schrems), written by Bridget Treacy, partner, and James Henderson, associate, at Hunton Andrews Kurth.

The European Data Protection Supervisor (EDPS) has welcomed the Schrems II judgment and highlighted that it is the second time in five years ‘that a European Commission adequacy decision concerning the United States is invalidated by the Court’. The EDPS had previously shared criticisms regarding the Privacy Shield by emphasising the importance of ensuring a high level of protection of personal data once transferred from the EU to third countries. The EDPS has also welcomed the clarifications provided by the Court of Justice of the European Union in confirming the validity of Standard Contractual Clauses. See: LNB News 17/07/2020 61 and LNB News 20/07/2020 13.

The EDPB also published Frequently Asked Questions regarding the judgment. See: LNB News 01/01/0001 2635.

The ICO has released a number of statements on the Schrems II judgment. It says it is considering the judgment and

Subscription Form

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.