At the Intersection of Technology, Law, and Business
July 16, 2020 - Privacy + Data Security, European Union

The Ruling on SCCs and Privacy Shield May Not Be As Straightforward As It Seems

Recent Decision Compelling Disclosure of Data Breach Incident Response Report Highlights the Importance of Preserving Privilege and Protecting Work Product

Today, the Court of Justice of the European Union (“Court”) issued its judgement in the Schrems II‑case. The case relates to the validity of certain transfer mechanisms to legitimize international sharing of personal information from the EU to outside the EU. In short, the Court ruled that the Standard Contractual Clauses (“SCCs”) are valid, but that another widely used mechanism, the EU-U.S. Privacy Shield certification (“Privacy Shield”), is not.

However the Court’s ruling is not as straightforward as it seems. The Court makes a number of sweeping observations relating to both the SCCs and Privacy Shield, which may very well have far wider implications to international data transfers out of the EU.  

Read our client alert.