The CJEU judgment in the Schrems II case
In its July 2020 Schrems II judgment, the Court of Justice of the European Union (CJEU) declared the European Commission’s Privacy Shield Decision invalid on account of invasive US surveillance programmes, thereby making transfers of personal data on the basis of the Privacy Shield Decision illegal. Furthermore, the Court stipulated stricter requirements for the transfer of personal data based on standard contract clauses (SCCs). Data controllers or processors that intend to transfer data based on SCCs must ensure that the data subject is granted a level of protection essentially equivalent to that guaranteed by the General Data Protection Regulation (GDPR) and the EU Charter of Fundamental Rights (CFR) – if necessary with additional measures to compensate for lacunae in protection of third-country legal systems. Failing that, operators must suspend the transfer of personal data outside the EU.
At a Glance
About this document
Publication type
Author
Policy area
Keyword
- America
- communications
- cross-frontier data flow
- data protection
- data-processing law
- economic geography
- EDUCATION AND COMMUNICATIONS
- EU Charter of Fundamental Rights
- EU institutions and European civil service
- European construction
- European Data Protection Board
- EUROPEAN UNION
- European Union law
- GEOGRAPHY
- information and information processing
- information technology and data processing
- international affairs
- INTERNATIONAL RELATIONS
- judgment of the Court (EU)
- LAW
- personal data
- political geography
- protection of privacy
- regulation (EU)
- remote sensing
- rights and freedoms
- transatlantic relations
- United States