Today, the Court of Justice of the European Union (“Court”) issued its judgement in the Schrems II‑case. The case relates to the validity of certain transfer mechanisms to legitimize international sharing of personal information from the EU to outside the EU. In short, the Court ruled that the Standard Contractual Clauses (“SCCs”) are valid, but that another widely used mechanism, the EU-U.S. Privacy Shield certification (“Privacy Shield”), is not.
However the Court’s ruling is not as straightforward as it seems. The Court makes a number of sweeping observations relating to both the SCCs and Privacy Shield, which may very well have far wider implications to international data transfers out of the EU.
Read our client alert.