Europe’s top court strikes down flagship EU-US data transfer mechanism

Original article at: 
Natasha Lomas@riptari /  Commentary by John Brokaw


The Court of Justice of the EU handed down a decision (Schrems II) which invalidates the EU-US Privacy Shield. The decision states that privacy certifications under the program are not adequate for protection of transfers of personal information to the United States. The reasoning is that “the requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred to that third country.”

A full discussion of the decision can be found here:

Because of the decision, many may ask for changes or clarifications to existing addenda intended for privacy compliance. In the short term, the European Commission has been working on updating its mechanism of Standard Contractual Clauses as a substitute for the Privacy Shield. A more comprehensive solution will probably follow as SCCs have also been under attack.