International data transfer

I just browsed #Schrems on my twitter streams. We now have a sequel to SchremsI – SchremsII came into force on 16 July 2020. Never a dull day when it comes to human rights and fundamental freedoms especially when such inalienable rights shine as actionable rights against other ‘rights’.

The CJEU’s judgment and the press release have been summarised by various folks. The essence of #SchremsII – extracted from Center for Democracy & Technology:

  • The safeguards provided by U.S. laws on the access and use by public authorities of data transferred from the European Union do not satisfy the requirements of EU law because, among other things, they do not grant European citizens actionable rights against the U.S. authorities.
  • Even if the Standard Contractual Clauses (SCCs) remain valid, the competent national data protection authorities are required to suspend or prohibit a transfer of personal data to the U.S. where U.S. law fails to appropriately protect Europeans’ personal data.
  • No doubt international data transfer or international trade will continue to flow (and flourish) even without Privacy Shield as there is still GDPR Article 49. Data transfer has to be read in terms of adequacy, derogation, surveillance and also trade politics.

    For now, our inalienable rights shine until another round of drama in the courts.