In July 2020, in a case known as Schrems II, the CJEU ruled that aspects of the U.S. national security legal framework did not meet European Union (EU) privacy requirements. The Court invalidated the EU-U.S. Privacy Shield, which had been the mechanism negotiated by the U.S. government and the European Commission pursuant to which thousands of businesses transferred personal data to the U.S. Although the Court upheld the validity of “standard contractual clauses” for transferring data, it stated that it was the responsibility of data controllers, processors, and supervisory authorities to verify, on a case-by-case basis, whether the law of the destination country ensures adequate protection of personal data under EU law.
A great deal rides on finding a sustainable way forward Companies are developing and implementing “adequate additional measures” to safeguard data transfers. In addition, government institutions in the U.S. and the EU have been hard at work to respond to the ruling. But there is more to be done.
This project brings together U.S. and European experts and practitioners from the government, the private sector, and civil society to develop practical, actionable recommendations for ensuring the viability of transatlantic data flows in light of the Schrems II decision.
Alex Joel, TLS Scholar-in-Residence and former chief privacy, civil liberties, and transparency officer for the Office of the Director of National Intelligence, is leading this project.