Schrems II – A brief history, an analysis and the way forward

On July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-US Privacy Shield – a framework that regulated Trans-Atlantic data transfers. Further, even though the court upheld the validity of Standard Contractual Clauses (SCC) – an EU-approved template to safeguard EU citizens’ data-transfer, it put forth important qualifications for data controllers to adhere to when using such SCCs.
This article analyses the ECJ’s ruling, now known as Schrems II, in three parts. The first section sets the stage for the analysis by providing a brief history of EU-US data-flow arrangements and the developments leading up to Schrems II. The second section analyses the ECJ’s decision in Schrems II and finally, the third section concludes by exploring the implications of the ruling and evaluating the way forward.

Continue Reading →

Diabolical Persistence

As Genna Churches and Monika Zalnieriute wrote here on 16 July, the day on which the Schrems II decision was published, reading the judgment gives more than a simple feeling déjà vu; it rather looks like a full-blown Groundhog Day: One has the impression of being trapped in a time loop that forces us to relive the day – 6 October 2015 – on which the Court of Justice of the European Union (CJEU) adopted Schrems I and invalidated the European Commission’s Safe Harbour Decision (Safe Harbour) adopted on 26 July 2000.
More than a week after the Schrems II judgment was adopted, following the hundreds of comments made on the subject, I shall modestly attempt to consider the judgment (and the underlying saga) from two particular viewpoints.

Continue Reading →

A Groundhog Day in Brussels

16 July 2020 feels like Groundhog Day in Brussels. For those, who did not see the famous film Groundhog Day, it’s about reliving the same experience again and again until the main protagonist gets ‘why’. Similarly, the much anticipated Schrems II decision, delivered by the Court of Justice of the European Union (CJEU) today, is almost a ‘reliving’ of its earlier decision in Schrems I. How many ‘Schrems’ are we going to have — and who is the protagonist that needs to get ‘why’? Let’s look at it all in more detail.

Continue Reading →

Gesicherte Unsicherheit

Mit größter (An-)Spannung waren die am 19.12.2019 veröffentlichten Schlussanträge des Generalanwalts Henrik Saugmandsgaard Øe in der Rechtssache Schrems II erwartet worden (RS. C-311/18). Stehen doch in diesem Verfahren zwei tragende Säulen des internationalen bzw. transatlantischen Datenverkehrs zur Disposition: die Standarddatenschutzklauseln und der EU-US Privacy Shield. Eine erste Analyse der Schlussanträge legt gleichwohl nahe, dass auch zukünftig nur eines sicher ist: grenzüberschreitende Informationsübermittlungen bergen zahlreiche Unsicherheiten für die Betroffenen sowie die datenverarbeitenden Unternehmen.

Continue Reading →