The Schrems judgments: a silent revolution for Member States’ procedural autonomy?

Abstract

The Schrems I and Schrems II judgments (C-362/14 Maximillian Schrems v Data Protection Commissioner EU:C:2015:650 and C-311/18 Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems EU:C:2020:559) are well known for the sweeping implications that the law student’s crusade against the data giant Facebook had on international data transfers and for the ensuing headache that they gave to companies, as well as to legislators and public authorities on both sides of the Atlantic. What has remained slightly unexplored, on the other hand, are the constitutional side effects of the combined operation of the two judgments on the relationship between the right to an effective remedy and Member States’ procedural autonomy. In its first part, therefore, this article will review the unusual procedural path that, on the basis of the first Schrems ruling, brought the second Schrems case from the Irish Data Protection Commissioner to the Court. The second part will examine the consequences of the two judgments on effective judicial protection, in particular on the extent to which those appear to create an obligation for the Member States to provide new remedies where the rights of individuals are infringed by secondary EU law.