Schrems strikes again: The European Court of Justice declares EU-US Privacy Shield illegal


In a very recent ruling, it was held that tech firms like Facebook must change how they send data from the EU to the US. This case has dragged on for several years, beginning back in 2014 after Maximilian Schrems (Schrems), an Austrian data privacy activist, voiced his concerns following the Snowden revelations.

Edward Snowden, an American whistleblower and ex-subcontractor for the Central Intelligence Agency (CIA), made a series of revelations unmasking the different ways in which the US National Security Agency (NSA) was spying on its citizens. One of the revelations was the existence of PRISM, a program allowing the NSA to access data stored by Facebook, Google and several other major companies. That data belonged not only to US citizens, but also to EU citizens.

After the initial arrangement, the Safe Harbor Privacy Principles, was declared invalid, the EU-US Privacy Shield was adopted to enable the transatlantic exchange of data between the EU and the US for commercial purposes. It claimed to comply with EU data protection law.

Schrems argued that the privacy of EU citizens could not be guaranteed when their personal information was sent to the US, and that the US legal system only protected the rights of US citizens. Yesterday, the Court declared the tool invalid and said that “The limitations on the protection of personal data arising from the domestic law of the United States on the access and use by US public authorities are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law”. Simply put, mass surveillance by US public authorities such as the NSA means that the data cannot be protected as EU law requires it to be.

As a result of the complaints made and the recent ruling in the European Court of Justice, the US will be forced to consider a change if it wants to continue to play a significant role in the EU market. The US will have to introduce measures to ensure compliance with the Data Protection Law. It is definitely worth saying that this has not halted relations between the EU and the US in data terms. There are some contracts known as “standard contractual clauses” (SCCs) signed between the EU and the US which have not been outlawed. Microsoft is one of the companies already operating under an SCC, and has confirmed being unaffected by the ruling yesterday.

The flow of data and personal information is an essential and integral part of the relations between the US and the EU, so it is in the best interest of all parties to find a positive path forward. The UK should pay close attention to the path taken, as it could find itself in a similar position come the beginning of 2021, after the end of the transition period.

This article is intended for guidance only and must not be relied upon for specific advice.


Luke Eccles

Luke Eccles has just completed his Masters in law at the University of Manchester, but has always had a passion for sports. He graduated in 2017 with a 2:1 in Business Law from St Mary’s University, London and stayed down South for a further two years before returning home in August 2019. Having just completed his Masters, he proactively searched for opportunities and recently secured a position at Kissoon Carr as a legal recruitment consultant. Through this, Luke has learnt a great deal about the legal sector, and is a keen writer and critic of legal articles across most practice areas. Looking to the future, Luke wishes to continue working with Kissoon Carr and also write weekly legal updates in wide-ranging areas of law, where he will provide a consistent, neutral and unbiased view on topical legal news. He has developed a deep interest in EU and Competition Law, and sees himself practising these areas of law in the future.