Privacy Shield Framework Invalidated by CJEU Ruling in Schrems II Data Privacy Dispute

    On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S Privacy Shield in the matter of Data Protection Commissioner v. Facebook Ireland Limited, and Maximillian Schrems (Schrems II).

    The Privacy Shield is an agreement used to regulate the transatlantic exchange of personal data for commercial purposes. However, the CJEU found as valid a second principal data transfer method, the Standard Contractual Clauses (SCCs), which were issued by the European Commission “for the transfer of personal data to data processors established outside of the EU.” This decision follows the heavily-debated data privacy dispute involving Facebook’s U.S-based data servers and the method by which data from both U.S. and EU citizens are stored in those servers.

    Read more at the National Law Review

    Need a Data Privacy, Protection, and Security expert?

    If you are in need of an expert with experience in data privacy and data security disputes, we invite you to consider DisputeSoft.