Schrems II Ruling and Its Impact

The landmark ruling known as the Schrems II decision, handed down by the Court of Justice of the European Union (CJEU) in July 2020, revolutionized the handling of personal data transfers from the European Union (EU) to the United States (US).

Background and Key Players

Maximilian Schrems, an Austrian privacy advocate, was dissatisfied with Facebook’s data transfer practices. His concerns culminated in a legal battle that fundamentally changed international data transfer norms. Using Standard Contractual Clauses (SCCs), Facebook transferred his personal data from the EU to the US, a method Schrems argued inadequately protected his data from undue US government scrutiny.

The ruling involved several key players including the CJEU, which made the decision, and the European Commission and US government, both parties to the invalidated EU-US Privacy Shield agreement.

Consequences and Implications

The Schrems II ruling invalidated the Privacy Shield agreement, a framework that regulated data transfers between thousands of EU and US companies since 2016. Companies are now compelled to scrutinize their data transfer methods, particularly the use of SCCs, to ensure compliance with EU privacy laws.

The decision has also prompted a reconsideration of the balance between data privacy and national security, a topic of heated debate in the US. Ultimately, the ruling has implications not only for businesses but also for broader societal perspectives on privacy.

Return to case study