Schrems I and Schrems II: Assessing the Case for the Extraterritoriality of EU Fundamental Rights

Abstract

The paper examines the application of EU fundamental privacy rights to trans-border data flows in the Schrems I and the recently decided Schrems II cases by focusing on two factors that form the basis of the extraterritoriality of EU data protection rights: an internal and an external one. The internal factor concerns the interpretation of EU fundamental rights and the standards of their extraterritorial application. The external dimension refers to the examination of foreign law. The chapter raises two criticisms regarding the Court’s structuring of the premises of extraterritoriality in Schrems I. It argues that the CJEU’s analysis failed to meaningfully engage with issues relating both to the interpretation of EU fundamental rights in the context of their extraterritorial application and to the examination of foreign law. The second part of the chapter focuses on the construction of the two dimensions of extraterritoriality in Schrems II. It concludes that this ruling clarifies both the rules of applicability of EU data protection law beyond borders and its substantive requirements and, therefore, establishes EU digital rights protection on more solid grounds.