On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S Privacy Shield in the matter of Data Protection Commissioner v. Facebook Ireland Limited, and Maximillian Schrems (Schrems II).
The Privacy Shield is an agreement used to regulate the transatlantic exchange of personal data for commercial purposes. However, the CJEU found as valid a second principal data transfer method, the Standard Contractual Clauses (SCCs), which were issued by the European Commission “for the transfer of personal data to data processors established outside of the EU.” This decision follows the heavily-debated data privacy dispute involving Facebook’s U.S-based data servers and the method by which data from both U.S. and EU citizens are stored in those servers.
