This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

International In-house Counsel Journal logoInternational In-house Counsel Journal logo

Schrems II Judgment on Cross Border Personal Data Flows Under EU-US Privacy Shield Mechanism: Good Diagnosis, Vague Prescription

October 2020
Data ProtectionIT

Abstract

In the case of Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems [C-311/18] decided on July 16, 2020, the Court of Justice of the European Union with immediate effect invalidated the EU-US Privacy Shield mechanism for failing to provide protection equivalent to the EU GDPR regime. The EU-US Privacy Shield mechanism was a framework that was negotiated by the US Department of Justice and the European Commission as being adequate for enabling organizations to transfer personal data from the EU to the US. This article critically analyzes the judgment and its impact on various stakeholders - the EU based data exporter; the data recipient based in the US/third party country; national data protection authorities in the various EU nations; the US Government and the data owners based in the EU. This article also reviews the adequacy of other mechanisms for data transfer (like Binding Corporate Rules) and recommends certain additional safeguards that corporate organizations can consider to mitigate the risk of personal data transfer being invalidated on the ground of inadequacy of protection in the recipient country.

Read Paper

Author

Portrait image of Subhrarag Mukherjee
Subhrarag Mukherjee
Senior Legal Counsel – Strategic Alliances & OEM (North America & Worldwide), Hewlett Packard Enterprise, India

I am a Senior Legal Counsel in Hewlett Packard Enterprise (HPE) overseeing the legal support for the 'Strategic Alliance' and 'OEM' business groups for North America & Worldwide regions.

Company

Hewlett Packard Enterprise

Hewlett Packard Enterprise is an Information Technology MNC focussed on providing various kinds of IT hardware and software products and system integration services to its enterprise clients across the world.

Related Papers

Intermediary Dilemma
In today’s digital world everyone is connected with technology either in the form of the internet or in some form of data which infact brings fear in the mind of...Read more
Portrait image of Nitin Bhati
Nitin Bhati
Executive Director - Legal, Rackbank Datacenters Pvt., India
India’s Personal Data Protection Bill (“PDP Bill”), 2018: Brief Introduction, Key Provisions and Comparison with GDPR
In today's digital age, a primary point of concern for the individuals is breach of their privacy. India currently lacks any comprehensive data protection regime which can protect its citizens...Read more
Portrait image of Harish Suryavanshi
Harish Suryavanshi
Senior Corporate Counsel , Tech Mahindra Limited, India
Crossing National Boundaries to Access Electronic Data: New Technology, Old Laws
On June 5, 2013, Edward Snowden revealed to the world that the U.S. government had ordered Verizon to hand over data under the USA PATRIOT Act, and, the following day,...Read more
Portrait image of Sanjay Agrawal
Sanjay Agrawal
Senior Counsel, Elekta AB, USA
Data Breach: What YOU can do about it?
In May 2017 the cyber world was under attack. The WannaCry cryptoworm spread quickly, preventing or limiting users from accessing their systems. This was the largest ransomware attack targeting commercial...Read more
Portrait image of Marcelo Souccar
Marcelo Souccar
CEO Juritis USA and General Counsel Juritis Group, Juritis USA LLC TOTVS Official Partner, USA