On July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-US Privacy Shield – a framework that regulated Trans-Atlantic data transfers. Further, even though the court upheld the validity of Standard Contractual Clauses (SCC) - an EU-approved template to safeguard EU citizens’ data-transfer, it put forth important qualifications for data controllers to adhere to when using such SCCs.
This article analyses the ECJ’s ruling, now known as Schrems II, in three parts. The first section sets the stage for the analysis by providing a brief history of EU-US data-flow arrangements and the developments leading up to Schrems II. The second section analyses the ECJ’s decision in Schrems II and finally, the third section concludes by exploring the implications of the ruling and evaluating the way forward. Continue reading >>