fbpx Skip to content

A Path Forward for International Data Transfers under the GDPR after the CJEU Schrems II Decision

The Paper follows the recent decision of the Court of Justice of the European Union (CJEU) to strike down the EU-U.S. Privacy Shield framework (the Schrems II case (case C-311/18)) due to the level of access government authorities in the U.S. have to personal data and the fact that there is no remedy available to EU individuals to ensure protection of their personal data after transfer to the U.S.

In the same judgment, the CJEU determined that although the Standard Contractual Clauses (“SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid, organizations relying on SCCs for data transfers should assess the laws of the recipient country on a case-by-case basis, in order to verify the effectiveness of SCCs in ensuring compliance with EU data protection requirements.

The Paper intendeds to provide an overview of possible practices and measures that could be included in a toolbox, allowing organizations to select those most appropriate for them when addressing the judgment’s requirements in the context of their specific situation and their data transfers.