Legal News

Privacy Shield invalidated and use of appropriate safeguards (including Standard Contractual Clauses) require case by case assessments (Facebook Ireland and Schrems)

Privacy Shield invalidated and use of appropriate safeguards (including Standard Contractual Clauses) require case by case assessments (Facebook Ireland and Schrems)
Published on: 21 July 2020
Published by: LexisPSL
  • Privacy Shield invalidated and use of appropriate safeguards (including Standard Contractual Clauses) require case by case assessments (Facebook Ireland and Schrems)
  • What are the practical implications of this case?
  • SCCs
  • Role of supervisory authorities
  • Privacy Shield
  • Other ‘appropriate safeguards’
  • Personal data transfers to the US
  • Personal data transfers to other jurisdictions
  • Brexit
  • Next steps
  • More...

Article summary

Information Law analysis: Chapter V of the General Data Protection Regulation (GDPR) prohibits the transfer of personal data outside of the European Economic Area (EEA) (which is deemed to include the UK during the Brexit implementation period), unless one of a number of specified transfer mechanisms is in place. On 16 July 2020 the Court of Justice, in the case known as Schrems II or Schrems 2, invalidated the widely used EU-US Privacy Shield mechanism and ruled that use of commonly relied on Standard Contractual Clauses (SCCs) requires organisations to have verified that the SCCs provide an adequate level of protection for personal data in practice based on a case by case assessment. The courts’ ruling on SCCs has implications for other appropriate safeguards, including Binding Corporate Rules (BCRs). Written by Bridget Treacy, partner, and James Henderson, associate, at Hunton Andrews Kurth. or take a trial to read the full analysis.

Popular documents