Summary

This is the first of two podcasts that will summarise the ongoing litigation challenging the validity of legal mechanisms for international data transfers from Europe. The so-called ‘Schrems I’ case – Maxmillian Schrems v Data Protection Commissioner (C-362/14) – led to the CJEU invalidating the Safe Harbour Agreement in 2015. The Safe Harbour agreement was replaced by the EU-US Privacy Shield. This podcast explains the CJEU’s reasons for invalidating the Safe Harbour Agreement in Schrems I, outlines the Privacy Shield, and summarises the questions referred to the CJEU in the ‘Schrems II’ case.

The EU laws, Commission Decisions and Communications mentioned in this podcast are:

The Data Protection Directive 95/46/EC

The General Data Protection Regulation EU 2016/679

European Commission Decision 2000/520

The Charter of Fundamental Rights of the European Union 2000

‘Rebuilding Trust in EU-US Data Flows’ (COM(2013)) 846 final)

‘Functioning of Safe Harbour from the Perspective of EU Citizens and Companies Established in the European Union’ (COM(2013) 847 final)

Commission Decision 2016/1250

Commission Decision 2010/87

Commission Decision 2016/2297

Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems C-311/18 (‘Schrems II’)

Treaty on European Union 1992

Treaty on the Functioning of the European Union 2008

European Convention on Human Rights and Fundamental Freedoms 1951

Opinion of Advocate General Saugmandsgaard Øe 19 December 2019