16th Apr 2024 4:58 pm
  1. What we do
  2. People
  3. International Services
  4. About Us
  5. Careers
  6. Legal Insights, News & Events
  7. Contact Us
Make a payment
16th July 2020

Schrems II decision – Privacy Shield struck down - Standard Contractual Clauses still valid

In an important judgement issued today (Schrems II), Europe’s highest court (the CJEU) has issued a decision which invalidates the EU-US Privacy Shield, but which upholds the validity of Standard Contractual Clauses.

Privacy Shield

Since coming into force in 2016, many firms have relied on Privacy Shield for the transfer of personal data from the EU to self-certifying companies which are based in the USA. This was viewed as an important mechanism for international data transfers.

However, the CJEU has now struck down Privacy Shield due to concerns about US surveillance programmes and a failure to provide individuals with sufficient judicial protection and actionable rights before the courts against US authorities.

Any firms which currently rely solely on the Privacy Shield for EU to US data transfers will now be required to put in place alternative arrangements. In particular, many such firms will now be required to consider putting in place Standard Contractual Clauses.

Standard Contractual Clauses

As part of the Schrems II judgement, the CJEU has upheld the validity of Standard Contractual Clauses. These are template clauses which have been issued by the European Commission in order to enable the transfer of personal data to countries outside the EU.

The Standard Contractual Clauses are the most commonly used mechanism for international data transfers in compliance with the GDPR. As such, most businesses will welcome this ruling which confirms that these clauses will continue to be valid.

However, the CJEU has emphasised that, in certain circumstances, data protection regulators in EU Member States will be required to suspend or prohibit data transfers which are based on the Standard Contractual Clauses – for example, this could occur if a regulator takes the view that the Standard Contractual Clauses are not or cannot be complied with in a non-EU country.

As a firm, we have data privacy / GDPR specialists with extensive experience of advising on, and putting in place, Standard Contractual Clauses for international data transfers (as well as other means of lawful transfer).

If you have been relying on Privacy Shield for data transfers to the USA, we can assist you with putting in place Standard Contractual Clauses or alternative safeguards in order to ensure that your data transfers from the EU to the USA remain lawful in accordance with the GDPR.

Key Contacts
's Profile chevron right
David Goodbrand, technology lawyer
David Goodbrand
+44 (0)131 473 6125 david.goodbrand@burnesspaull.com
David's Profile chevron right
R e a d .
IP & Technology Conference 2024: Building Value from Innovation & Creativity

8th May 2024

RSVP here for this year's IP and Technology Conference.

Read more
R e a d .
Digital operational resilience in the financial sector: What is DORA and what are its implications?

25th March 2024

We dive into DORA and discuss its implications for the financial sector.

Read more
R e a d .
Data Trends in 2024

20th February 2024

Uncover generative AI's frontiers in this Trust Economy paper spin-off

Read more