Abstract
AbstractWith the constant flow of data across jurisdictions, issues regarding conflicting laws and the protection of rights arise. This article considers the EU–US data transfer relationship in the aftermath of the decision in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems where the Court of Justice of the European Union (CJEU) invalidated an EU–US data transfer agreement for the second time in just five years. This judgment continues the line of cases emphasising the high value the Court places on securing EU personal data in accordance with EU data protection standards and fundamental rights. This article assesses the implications of the ruling for the vulnerable EU–US data transfer relationship.
Highlights
The European Union model of data protection regulation has been remarkably influential on laws and practices adopted worldwide
This article examines the EU–US relationship following the ruling in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II)[13] where the Court of Justice of the European Union (CJEU) invalidated an EU–US data transfer agreement for the second time in just five years
In spite of the Data Protection Commissioner (DPC) only seeking clarity regarding the standard contractual clauses’23 (SCC) Decision, the questions referred by the Irish High Court regarding the level of protection required under Articles 7, 8, and 47 of the Charter compelled the CJEU to take into account the changes brought about by the Privacy Shield Decision —including the introduction of an ombudsperson.[74]
Summary
The European Union model of data protection regulation has been remarkably influential on laws and practices adopted worldwide. In spite of continued criticisms of both systems and their interactions under the Safe Harbour agreement, the jurisdictions had settled into a somewhat uneasy truce where an imperfect system of protection remained in place on a pragmatic basis in order to facilitate data transfers and free trade. The subsequent cases dealing with the EU–US data transfer relationship have demonstrated that the EU Commission model of negotiation with the US is unlikely to withstand the scrutiny of the CJEU without a radical shift in the US approach to surveillance law. This article examines the EU–US relationship following the ruling in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II)[13] where the CJEU invalidated an EU–US data transfer agreement for the second time in just five years. Implications of the decision, it is necessary to consider the key cases that preceded it
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
