Third Country PNR Mechanisms After the CJEU’s Schrems II Judgment

Abstract

The article illustrates how the Court of Justice of the European Union (CJEU)’s Schrems II judgment solidified the European court’s approach to European Union (EU) data protection and the issues of data collection and transfer outside EU borders. The judgment rebalances how to arrange the issues containing the collection of private information and the risk to the public without surveillance. Thus, invalidating previously used EU-Third Country data sharing frameworks. Included in this are the Passenger Name Records (PNR), which are used in day-to-day mechanisms of the air industry when sharing bulk data sets with other countries to provide crucial information for anti-terrorism with border protection agencies. Not only does it protect national security, but makes flying safer. Though the EU argues it cannot sacrifice the integrity of individual data autonomy. Due to the Schrems II judgment, most other countries will be unable to pass new EU standards, and data transfer has to be judged on a case-by-case basis, which when looking at the international air industry is unfeasible. By exploring the Schrems II judgment, this article will analyze the third-country data transfer mechanisms and the impact the judgment had on third countries. Air law, PNR, CJEU, Schrems II, Privacy Shield, national security, European Data Protection, data transfer mechanisms, GDPR, Standard Contractual Clauses (SCC)