SlideShare a Scribd company logo

Evertio Schrems II

Fanny Surjana
Fanny Surjana

Schrems II

Law
1 of 12
Download to read offline
https://evertio.com Schrems II
Overview The purpose of this slides is to provide an overview of the Schrems II case regarding the transfer of personal data between the European Union (EU) and the United States (US). This paper will then analyze the decision behind the ruling by the European Union Court of Justice (CJEU) against the EU-US Data Protection Shield, and the potential effects of the ruling on the companies that are involved in the data transfers. 2
Background: Schrems I Schrems 2 is the continuation of privacy lawyer Maximilian Schrems’s complaints against Facebook Ireland over data privacy violations [1]. In 2013, former NSA contractor Edward Snowden leaked a trove of information regarding classified NSA materials. This included a program called "PRISM", which is a program whereby the NSA collects internet communications from U.S. companies such as Facebook. The fact that Facebook would share the data of its European users with the NSA prompted Schrems to file a complaint with the Irish Data Protection Commission. He alleged that Facebook Ireland’s data sharing agreement with Facebook, Inc., its American parent, violated Schrems’ rights under the Charter of Fundamental Rights of the European Union because of Facebook Inc.’s cooperation with US intelligence agencies. 3 Schrems I resulted in the invalidation of the Safe Harbor framework, leading to the creation of the Privacy Shield as a replacement [4]. However, this did not address Schrem’s original complaint over the validity of Facebook’s data transfer, as it and other companies simply switched over to using Standard Contractual Clauses (SCCs), an alternative process of data transfer. By consequence, Schrems continued his campaign, filing another complaint to the Irish High court, challenging the validity of the Privacy Shield and the SCCs. This was again referred to the CJEU, leading to the Schrems II case.
What is the Privacy Shield? The privacy shield was a framework designed by the U.S. Department of Commerce and the European Commission and Swiss Administration, to provide companies with a presence in both countries with a mechanism to comply with data protection requirements when transferring personal data from the EU to the US for commercial purposes [2]. The framework was initially approved by both the EU and the Swiss, as on July 12, 2016, the European Commission deemed it adequate to enable data transfers under EU law. Similarly, on January 12, 2017, the Swiss Government approved it as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. 4 The framework was initially approved by both the EU and the Swiss, as on July 12, 2016, the European Commission deemed it adequate to enable data transfers under EU law. Similarly, on January 12, 2017, the Swiss Government approved it as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The privacy shield was a replacement for “Safe Harbor” a EU-US data transfer agreement that was previously invalidated by the CJEU in 2015 after an earlier challenge submitted by Max Schrems, a notable Austrian lawyer and privacy activist.
Who is Max Schrems? Maximillian Schrems is an Austrian attorney and privacy advocate. Schrems I (Maximillian Schrems v Data Protection Commissioner) and Schrems II (Data Protection Commission v. Facebook Ireland, Schrems) arose from complaints lodged by Schrems with the Irish Data Protection Commission [3]. In his complaints, he challenged the lawfulness of transfers of his personal data by Facebook in Ireland to Facebook in the US, on the ground that the legal system in the US did not ensure adequate protection of his personal data against US national security surveillance activities. Schrems I invalidated the Privacy Shield’s predecessor- the Safe Harbor. In Schrems II, Schrems challenged the validity of the Privacy Shield. 5
CJEU Ruling On July 6th, 2020, the CJEU struck down the EU-US Data Protection Shield, ruling the arrangement to be inadequate and not up to the standards of EU law. However, the ruling does not mean invalidate the operations of the privacy shield itself. “The Standard Contractual Clauses remain a valid tool for the transfer of personal data to processors established in the third countries. This means that the transatlantic data flows can continue based on the broad toolbox for international transfers provided by the GDPR.” - Věra Jourova, Commissioner with Responsibility for Trust and Transparency. What happened to the Privacy Shield? 6
Reasons behind the ruling Intervention by U.S. Authorities US authorities can access and use personal data of EU subjects transferred under the Privacy Shield for purposes which go beyond what is strictly necessary and proportionate to the purpose of national security. The prime concern with US law and practices is that US businesses receiving national security letters, or other such federal investigative actions, are often precluded from contacting the investigation targets (data subjects) about the inquiry. This is contrary to the transparency principles of the GDPR. 7 Inadequate Protection The Court concluded that the US laws and practices do not ensure a level of protection essentially equivalent to that guaranteed under EU laws, especially the actionable rights of individuals before the US courts with respect to the US intelligence services’ powers [5].
Effects of the Ruling: Companies The invalidation of the Privacy Shield has significant implications for Facebook and other companies that used the framework, as they will need to find alternative methods to transferring data. While the ruling does not invalidate the SCCs themselves, the Court has clarified that the ruling applies to all data flows, even within SCCs, whose company falls under the NSA surveillance law. But the ruling has not had the immediate effect that some may have hoped, as most companies such as Facebook have instituted delays as they review the decision and evaluate potential actions. As such, it might be some time before the effects of the ruling are felt by the private sector at large, if at all by major firms such as Apple or Google who could seek exemptions or otherwise to avoid absolute compliance. 8
Effects of the Ruling: Countries The invalidation of the Privacy Shield also has implications for frameworks between the EU and other countries. Given that other jurisdictions such as India or China also possess strong surveillance capabilities, the ruling sets a new precedent for future evaluations of data transfers to those countries [6]. One immediate implication is for the United Kingdom, which recently separated from the EU as a result of the Brexit referendum. UK surveillance law has also faced repeated challenges under EU human rights. As a result, the UK could stand to fall under the same ‘third country’ category that the US is in. However, there are differences between US law, which is entirely sovereign, and UK law, which has been reviewed and amended by European courts to comply with EU regulations. 9
Conclusion The outcome of Schrems II was unsurprising given the Court’s strong support for data protection rights and previous criticisms of the Privacy Shield. However, the ruling is a monumental decision that could have sweeping consequences for American companies operating in the EU and data transfer agreements between the EU and other nations. Companies that relied on the Privacy Shield must now find legal alternatives if they are to continue operations, or else be forced to pull out of Europe entirely. The ruling also means that the US will not be able to merely reach a third agreement by making minor changes to the Privacy Shield. Given that it is unlikely the US would easily relinquish its national surveillance operations for the sake of adhering to EU regulations, the burden falls on companies to deal with the legal implications [7]. 10 One idea could be to develop codes of conduct or certification mechanisms together with enforceable commitments covering US data flows as foreseen under Article 46(2) GDPR. Codes of conduct and certification mechanisms as a legal basis for data transfers have not been approved under the GDPR thus far but present an opportunity for both countries to cooperate on.
References 1.https://techcrunch.com/2020/07/16/europes-top-court-strikes-down-flagship-eu-us-data-transfer-mechanism/? 2.https://www.privacyshield.gov/Program-Overview 3.https://www.theprivacyscoop.com/general/schrems-ii-invalidation-of-the-privacy-shield/ 4.https://iapp.org/news/a/understanding-schrems-2-0/ 5.https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf 6.https://europeanlawblog.eu/2020/07/17/the-schrems-ii-judgment-of-the-court-of-justice-and-the-future-of-data-transfer-regulation/ 7.https://www.nortonrosefulbright.com/en/knowledge/publications/ad5f304c/schrems-ii-landmark-ruling-a-detailed-analysis 11
About Evertio Evertio helps companies launch a privacy program by providing basic privacy education and privacy tools. Our software features include data mapping, assessments, privacy and cookie policy generator and many more. 12 https://evertio.com

Recommended

Criminal law.power point
Criminal law.power pointCriminal law.power point
Criminal law.power pointVIT LAW SCHOOL,CHENNAI
 
Maxims of equity
Maxims of equityMaxims of equity
Maxims of equityMuskaan Muneer
 
Right to privacy – a bird’s eyeview
Right to privacy – a bird’s eyeviewRight to privacy – a bird’s eyeview
Right to privacy – a bird’s eyeviewjoydev majumdar
 
Possession jurisprudence
Possession jurisprudencePossession jurisprudence
Possession jurisprudenceJaiveer Singh Bhati
 
LEGAL RESEARCH LAW
LEGAL RESEARCH LAWLEGAL RESEARCH LAW
LEGAL RESEARCH LAWapurvadhawankar1
 
Private international law
Private international lawPrivate international law
Private international lawMd.Rezaul Hoque Razu
 
Case study of Rylands v. Fletcher
Case study of Rylands v. FletcherCase study of Rylands v. Fletcher
Case study of Rylands v. FletcherNational Law University, Orissa
 
JUDICIAL PRECEDENTS AS A SOURCE OF LAW
JUDICIAL PRECEDENTS AS A SOURCE OF LAW JUDICIAL PRECEDENTS AS A SOURCE OF LAW
JUDICIAL PRECEDENTS AS A SOURCE OF LAW Gaurav Purohit
 

Recommended

Criminal law.power point
Criminal law.power pointCriminal law.power point
Criminal law.power pointVIT LAW SCHOOL,CHENNAI
 
Maxims of equity
Maxims of equityMaxims of equity
Maxims of equityMuskaan Muneer
 
Right to privacy – a bird’s eyeview
Right to privacy – a bird’s eyeviewRight to privacy – a bird’s eyeview
Right to privacy – a bird’s eyeviewjoydev majumdar
 
Possession jurisprudence
Possession jurisprudencePossession jurisprudence
Possession jurisprudenceJaiveer Singh Bhati
 
LEGAL RESEARCH LAW
LEGAL RESEARCH LAWLEGAL RESEARCH LAW
LEGAL RESEARCH LAWapurvadhawankar1
 
Private international law
Private international lawPrivate international law
Private international lawMd.Rezaul Hoque Razu
 
Case study of Rylands v. Fletcher
Case study of Rylands v. FletcherCase study of Rylands v. Fletcher
Case study of Rylands v. FletcherNational Law University, Orissa
 
JUDICIAL PRECEDENTS AS A SOURCE OF LAW
JUDICIAL PRECEDENTS AS A SOURCE OF LAW JUDICIAL PRECEDENTS AS A SOURCE OF LAW
JUDICIAL PRECEDENTS AS A SOURCE OF LAW Gaurav Purohit
 
State Jurisdiction under International Criminal Law
State Jurisdiction under International Criminal LawState Jurisdiction under International Criminal Law
State Jurisdiction under International Criminal LawUniversity of Rajshahi
 
Research Methods & Legal Writing-LL.M.-PPT.pptx
Research Methods & Legal Writing-LL.M.-PPT.pptxResearch Methods & Legal Writing-LL.M.-PPT.pptx
Research Methods & Legal Writing-LL.M.-PPT.pptxniharikagupta85779
 
VICARIOUS LIABILITY new trends
VICARIOUS LIABILITY new trendsVICARIOUS LIABILITY new trends
VICARIOUS LIABILITY new trendsADVOCATE PRAVEEN KUMAR
 
3 registro civil de la personas
3 registro civil de la personas3 registro civil de la personas
3 registro civil de la personasreina13
 
E drejta civile
E drejta civileE drejta civile
E drejta civileKorab Grabovci
 
Services under the union and the states
Services under the union and the statesServices under the union and the states
Services under the union and the statesPrachi Tripathi
 
locus standi
locus standilocus standi
locus standianamika18
 
ADM Jabalpur V. Shivkant Shukla Case Presesntation
ADM Jabalpur V. Shivkant Shukla Case PresesntationADM Jabalpur V. Shivkant Shukla Case Presesntation
ADM Jabalpur V. Shivkant Shukla Case PresesntationJaimin Joshi
 
nature &scope of juris new-2.pptx
nature &scope of juris new-2.pptxnature &scope of juris new-2.pptx
nature &scope of juris new-2.pptxbeejalahuja1
 
Hindu law
Hindu lawHindu law
Hindu lawShubhranshu Upadhyay
 
Ll.b ii jii u iii.i ownership
Ll.b ii jii u iii.i ownershipLl.b ii jii u iii.i ownership
Ll.b ii jii u iii.i ownershipRai University
 
Apostila resumo - pc-df (direito penal)
Apostila resumo - pc-df (direito penal)Apostila resumo - pc-df (direito penal)
Apostila resumo - pc-df (direito penal)profrenanaraujo
 
Criminal law notes - Joint liability; common intention
Criminal law notes - Joint liability; common intentionCriminal law notes - Joint liability; common intention
Criminal law notes - Joint liability; common intentionsurrenderyourthrone
 
Introduction to legal history of bangladesh
Introduction to legal history of bangladeshIntroduction to legal history of bangladesh
Introduction to legal history of bangladeshSaifuz Zaman
 
Rights and Duties
Rights and DutiesRights and Duties
Rights and DutiesShivamJaiswal151963
 
Muslim law under indian succession act 1925
Muslim law under indian succession act 1925Muslim law under indian succession act 1925
Muslim law under indian succession act 1925Chand Pasha
 
1) what is law (1)
1) what is law (1)1) what is law (1)
1) what is law (1)Nur Athirah
 
E dr. penale
E dr. penaleE dr. penale
E dr. penalezogaj
 
Parliamentary control of Delegated Legislation
Parliamentary control of Delegated LegislationParliamentary control of Delegated Legislation
Parliamentary control of Delegated Legislationraikhanna
 
Adultery Law in India
Adultery Law in IndiaAdultery Law in India
Adultery Law in IndiaLaw Laboratory
 
Bulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedBulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedCohenGrigsby
 
After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?Seb Oram
 

More Related Content

What's hot

State Jurisdiction under International Criminal Law
State Jurisdiction under International Criminal LawState Jurisdiction under International Criminal Law
State Jurisdiction under International Criminal LawUniversity of Rajshahi
 
Research Methods & Legal Writing-LL.M.-PPT.pptx
Research Methods & Legal Writing-LL.M.-PPT.pptxResearch Methods & Legal Writing-LL.M.-PPT.pptx
Research Methods & Legal Writing-LL.M.-PPT.pptxniharikagupta85779
 
3 registro civil de la personas
3 registro civil de la personas3 registro civil de la personas
3 registro civil de la personasreina13
 
Services under the union and the states
Services under the union and the statesServices under the union and the states
Services under the union and the statesPrachi Tripathi
 
locus standi
locus standilocus standi
locus standianamika18
 
ADM Jabalpur V. Shivkant Shukla Case Presesntation
ADM Jabalpur V. Shivkant Shukla Case PresesntationADM Jabalpur V. Shivkant Shukla Case Presesntation
ADM Jabalpur V. Shivkant Shukla Case PresesntationJaimin Joshi
 
nature &scope of juris new-2.pptx
nature &scope of juris new-2.pptxnature &scope of juris new-2.pptx
nature &scope of juris new-2.pptxbeejalahuja1
 
Ll.b ii jii u iii.i ownership
Ll.b ii jii u iii.i ownershipLl.b ii jii u iii.i ownership
Ll.b ii jii u iii.i ownershipRai University
 
Apostila resumo - pc-df (direito penal)
Apostila resumo - pc-df (direito penal)Apostila resumo - pc-df (direito penal)
Apostila resumo - pc-df (direito penal)profrenanaraujo
 
Criminal law notes - Joint liability; common intention
Criminal law notes - Joint liability; common intentionCriminal law notes - Joint liability; common intention
Criminal law notes - Joint liability; common intentionsurrenderyourthrone
 
Introduction to legal history of bangladesh
Introduction to legal history of bangladeshIntroduction to legal history of bangladesh
Introduction to legal history of bangladeshSaifuz Zaman
 
Muslim law under indian succession act 1925
Muslim law under indian succession act 1925Muslim law under indian succession act 1925
Muslim law under indian succession act 1925Chand Pasha
 
1) what is law (1)
1) what is law (1)1) what is law (1)
1) what is law (1)Nur Athirah
 
E dr. penale
E dr. penaleE dr. penale
E dr. penalezogaj
 
Parliamentary control of Delegated Legislation
Parliamentary control of Delegated LegislationParliamentary control of Delegated Legislation
Parliamentary control of Delegated Legislationraikhanna
 

What's hot (20)

State Jurisdiction under International Criminal Law
State Jurisdiction under International Criminal LawState Jurisdiction under International Criminal Law
State Jurisdiction under International Criminal Law
 
Research Methods & Legal Writing-LL.M.-PPT.pptx
Research Methods & Legal Writing-LL.M.-PPT.pptxResearch Methods & Legal Writing-LL.M.-PPT.pptx
Research Methods & Legal Writing-LL.M.-PPT.pptx
 
VICARIOUS LIABILITY new trends
VICARIOUS LIABILITY new trendsVICARIOUS LIABILITY new trends
VICARIOUS LIABILITY new trends
 
3 registro civil de la personas
3 registro civil de la personas3 registro civil de la personas
3 registro civil de la personas
 
E drejta civile
E drejta civileE drejta civile
E drejta civile
 
Services under the union and the states
Services under the union and the statesServices under the union and the states
Services under the union and the states
 
locus standi
locus standilocus standi
locus standi
 
ADM Jabalpur V. Shivkant Shukla Case Presesntation
ADM Jabalpur V. Shivkant Shukla Case PresesntationADM Jabalpur V. Shivkant Shukla Case Presesntation
ADM Jabalpur V. Shivkant Shukla Case Presesntation
 
nature &scope of juris new-2.pptx
nature &scope of juris new-2.pptxnature &scope of juris new-2.pptx
nature &scope of juris new-2.pptx
 
Hindu law
Hindu lawHindu law
Hindu law
 
Ll.b ii jii u iii.i ownership
Ll.b ii jii u iii.i ownershipLl.b ii jii u iii.i ownership
Ll.b ii jii u iii.i ownership
 
Apostila resumo - pc-df (direito penal)
Apostila resumo - pc-df (direito penal)Apostila resumo - pc-df (direito penal)
Apostila resumo - pc-df (direito penal)
 
Criminal law notes - Joint liability; common intention
Criminal law notes - Joint liability; common intentionCriminal law notes - Joint liability; common intention
Criminal law notes - Joint liability; common intention
 
Introduction to legal history of bangladesh
Introduction to legal history of bangladeshIntroduction to legal history of bangladesh
Introduction to legal history of bangladesh
 
Rights and Duties
Rights and DutiesRights and Duties
Rights and Duties
 
Muslim law under indian succession act 1925
Muslim law under indian succession act 1925Muslim law under indian succession act 1925
Muslim law under indian succession act 1925
 
1) what is law (1)
1) what is law (1)1) what is law (1)
1) what is law (1)
 
E dr. penale
E dr. penaleE dr. penale
E dr. penale
 
Parliamentary control of Delegated Legislation
Parliamentary control of Delegated LegislationParliamentary control of Delegated Legislation
Parliamentary control of Delegated Legislation
 
Adultery Law in India
Adultery Law in IndiaAdultery Law in India
Adultery Law in India
 

Similar to Evertio Schrems II

Bulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedBulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedCohenGrigsby
 
After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?Seb Oram
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Amministratore Bluefactor
 
Should European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot ActShould European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot Actfrjennings
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsThe Economist Media Businesses
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldParsons Behle & Latimer
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...TrustArc
 
CJEU decision on Schrems
CJEU decision on SchremsCJEU decision on Schrems
CJEU decision on SchremsGreg Sterling
 
HAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERS
HAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERSHAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERS
HAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERSThomas O. Dubuisson
 

Similar to Evertio Schrems II (20)

Bulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program InvalidatedBulletin - US-EU Data Privacy Safe Harbor Program Invalidated
Bulletin - US-EU Data Privacy Safe Harbor Program Invalidated
 
After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?After Schrems, how lawful is cloud storage?
After Schrems, how lawful is cloud storage?
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe Harbor
 
FINAL REPORT
FINAL REPORTFINAL REPORT
FINAL REPORT
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
 
Should European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot ActShould European Businesses Really Fear The Usa Patriot Act
Should European Businesses Really Fear The Usa Patriot Act
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16
 
The Road to Schrems II
The Road to Schrems IIThe Road to Schrems II
The Road to Schrems II
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
Newsletter DP issue 19
Newsletter DP issue 19Newsletter DP issue 19
Newsletter DP issue 19
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy Shield
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
 
CJEU decision on Schrems
CJEU decision on SchremsCJEU decision on Schrems
CJEU decision on Schrems
 
HAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERS
HAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERSHAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERS
HAMBURG DPA FINED 3 INTERNATIONAL COMPANIES FOR ILLEGAL U.S. DATA TRANSFERS
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 

Recently uploaded

一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书E LSS
 
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxMunicipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxSHIVAMGUPTA671167
 
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881mayurchatre90
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...Finlaw Associates
 
Introduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusionIntroduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusionAnuragMishra811030
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceanilsa9823
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfKelechi48
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm2020000445musaib
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxfilippoluciani9
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书SS A
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdfSUSHMITAPOTHAL
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxnyabatejosphat1
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubham Wadhonkar
 
PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxRRR Chambers
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptxPamelaAbegailMonsant2
 
PowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxPowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxca2or2tx
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 

Recently uploaded (20)

一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
 
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
 
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxMunicipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
 
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
 
Introduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusionIntroduction to Corruption, definition, types, impact and conclusion
Introduction to Corruption, definition, types, impact and conclusion
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptx
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 
PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptx
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 
PowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxPowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptx
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 

Evertio Schrems II

  • 2. Overview The purpose of this slides is to provide an overview of the Schrems II case regarding the transfer of personal data between the European Union (EU) and the United States (US). This paper will then analyze the decision behind the ruling by the European Union Court of Justice (CJEU) against the EU-US Data Protection Shield, and the potential effects of the ruling on the companies that are involved in the data transfers. 2
  • 3. Background: Schrems I Schrems 2 is the continuation of privacy lawyer Maximilian Schrems’s complaints against Facebook Ireland over data privacy violations [1]. In 2013, former NSA contractor Edward Snowden leaked a trove of information regarding classified NSA materials. This included a program called "PRISM", which is a program whereby the NSA collects internet communications from U.S. companies such as Facebook. The fact that Facebook would share the data of its European users with the NSA prompted Schrems to file a complaint with the Irish Data Protection Commission. He alleged that Facebook Ireland’s data sharing agreement with Facebook, Inc., its American parent, violated Schrems’ rights under the Charter of Fundamental Rights of the European Union because of Facebook Inc.’s cooperation with US intelligence agencies. 3 Schrems I resulted in the invalidation of the Safe Harbor framework, leading to the creation of the Privacy Shield as a replacement [4]. However, this did not address Schrem’s original complaint over the validity of Facebook’s data transfer, as it and other companies simply switched over to using Standard Contractual Clauses (SCCs), an alternative process of data transfer. By consequence, Schrems continued his campaign, filing another complaint to the Irish High court, challenging the validity of the Privacy Shield and the SCCs. This was again referred to the CJEU, leading to the Schrems II case.
  • 4. What is the Privacy Shield? The privacy shield was a framework designed by the U.S. Department of Commerce and the European Commission and Swiss Administration, to provide companies with a presence in both countries with a mechanism to comply with data protection requirements when transferring personal data from the EU to the US for commercial purposes [2]. The framework was initially approved by both the EU and the Swiss, as on July 12, 2016, the European Commission deemed it adequate to enable data transfers under EU law. Similarly, on January 12, 2017, the Swiss Government approved it as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. 4 The framework was initially approved by both the EU and the Swiss, as on July 12, 2016, the European Commission deemed it adequate to enable data transfers under EU law. Similarly, on January 12, 2017, the Swiss Government approved it as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The privacy shield was a replacement for “Safe Harbor” a EU-US data transfer agreement that was previously invalidated by the CJEU in 2015 after an earlier challenge submitted by Max Schrems, a notable Austrian lawyer and privacy activist.
  • 5. Who is Max Schrems? Maximillian Schrems is an Austrian attorney and privacy advocate. Schrems I (Maximillian Schrems v Data Protection Commissioner) and Schrems II (Data Protection Commission v. Facebook Ireland, Schrems) arose from complaints lodged by Schrems with the Irish Data Protection Commission [3]. In his complaints, he challenged the lawfulness of transfers of his personal data by Facebook in Ireland to Facebook in the US, on the ground that the legal system in the US did not ensure adequate protection of his personal data against US national security surveillance activities. Schrems I invalidated the Privacy Shield’s predecessor- the Safe Harbor. In Schrems II, Schrems challenged the validity of the Privacy Shield. 5
  • 6. CJEU Ruling On July 6th, 2020, the CJEU struck down the EU-US Data Protection Shield, ruling the arrangement to be inadequate and not up to the standards of EU law. However, the ruling does not mean invalidate the operations of the privacy shield itself. “The Standard Contractual Clauses remain a valid tool for the transfer of personal data to processors established in the third countries. This means that the transatlantic data flows can continue based on the broad toolbox for international transfers provided by the GDPR.” - Věra Jourova, Commissioner with Responsibility for Trust and Transparency. What happened to the Privacy Shield? 6
  • 7. Reasons behind the ruling Intervention by U.S. Authorities US authorities can access and use personal data of EU subjects transferred under the Privacy Shield for purposes which go beyond what is strictly necessary and proportionate to the purpose of national security. The prime concern with US law and practices is that US businesses receiving national security letters, or other such federal investigative actions, are often precluded from contacting the investigation targets (data subjects) about the inquiry. This is contrary to the transparency principles of the GDPR. 7 Inadequate Protection The Court concluded that the US laws and practices do not ensure a level of protection essentially equivalent to that guaranteed under EU laws, especially the actionable rights of individuals before the US courts with respect to the US intelligence services’ powers [5].
  • 8. Effects of the Ruling: Companies The invalidation of the Privacy Shield has significant implications for Facebook and other companies that used the framework, as they will need to find alternative methods to transferring data. While the ruling does not invalidate the SCCs themselves, the Court has clarified that the ruling applies to all data flows, even within SCCs, whose company falls under the NSA surveillance law. But the ruling has not had the immediate effect that some may have hoped, as most companies such as Facebook have instituted delays as they review the decision and evaluate potential actions. As such, it might be some time before the effects of the ruling are felt by the private sector at large, if at all by major firms such as Apple or Google who could seek exemptions or otherwise to avoid absolute compliance. 8
  • 9. Effects of the Ruling: Countries The invalidation of the Privacy Shield also has implications for frameworks between the EU and other countries. Given that other jurisdictions such as India or China also possess strong surveillance capabilities, the ruling sets a new precedent for future evaluations of data transfers to those countries [6]. One immediate implication is for the United Kingdom, which recently separated from the EU as a result of the Brexit referendum. UK surveillance law has also faced repeated challenges under EU human rights. As a result, the UK could stand to fall under the same ‘third country’ category that the US is in. However, there are differences between US law, which is entirely sovereign, and UK law, which has been reviewed and amended by European courts to comply with EU regulations. 9
  • 10. Conclusion The outcome of Schrems II was unsurprising given the Court’s strong support for data protection rights and previous criticisms of the Privacy Shield. However, the ruling is a monumental decision that could have sweeping consequences for American companies operating in the EU and data transfer agreements between the EU and other nations. Companies that relied on the Privacy Shield must now find legal alternatives if they are to continue operations, or else be forced to pull out of Europe entirely. The ruling also means that the US will not be able to merely reach a third agreement by making minor changes to the Privacy Shield. Given that it is unlikely the US would easily relinquish its national surveillance operations for the sake of adhering to EU regulations, the burden falls on companies to deal with the legal implications [7]. 10 One idea could be to develop codes of conduct or certification mechanisms together with enforceable commitments covering US data flows as foreseen under Article 46(2) GDPR. Codes of conduct and certification mechanisms as a legal basis for data transfers have not been approved under the GDPR thus far but present an opportunity for both countries to cooperate on.
  • 12. About Evertio Evertio helps companies launch a privacy program by providing basic privacy education and privacy tools. Our software features include data mapping, assessments, privacy and cookie policy generator and many more. 12 https://evertio.com