The decision by the Court of Justice of the European Union in “Schrems II” provides that the controller-to-processor standard contractual clauses are a viable mechanism for data transfers from the EU to third countries but identified further conditions that need to be considered when implementing them to address the requirement to provide “adequate protection” to such transfers. The CJEU put the onus on data exporters to determine whether the exporter’s implementation of the C2P SCCs…
The Court of Justice of the European Union issued its decision in “Schrems II” Thursday, a landmark decision that invalidates the EU-U.S. Privacy Shield arrangement. Until July 16, Privacy Shield had served as an approved “adequacy” mechanism to protect cross-border transfers of personal data from the European Union to the United States under the EU General Data Protection Regulation. More than 5,000 organizations participate in Privacy Shield. Many thousands more EU companies rely on Privacy…
The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).
Following our previous analysis of the consequences of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case, from the data exporter perspective (available here), we now focus on the implications of the same with respect to the position of the data importer. Indeed, in the following paragraphs, we will turn our attention to the content of the Controller to Processor Standard Contractual Clauses (SCC) and, in particular, to some…
In this blog post we further analyse the impacts of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case. We will focus, more specifically, on what it means for data exporters and what consequences there may be for them, if the decision of Court of Justice of the European Union (CJEU) on the case is consistent with the a.g’s opinion. Data importers will be the focus of another post,…
Francesca Gaudino, a partner in Baker McKenzie’s Milan office, joins this episode of Connect on Tech to discuss the December 18th opinion issued by the Advocates General (AG) of the Court of Justice of the European Union on Data Protection Commissioner v Facebook Ireland (Shrems II). In this episode you will learn: What this opinion means for the resolution of the case View of the AG on standard contractual clauses and how this may affect…
The European Union’s highest court, the Court of Justice of the European Union (CJEU), is evaluating the legitimacy of the EU standard contractual clauses (SCC). SCCs have been the bedrock of cross-border personal data transfers outside the EU for many years. Today, the advocate general (a.g.) has rendered an opinion on the Schrems II case. By way of brief background, Schrems II is a case before the Court of Justice of the European Union (CJEU)…
Fact is that it is not per se illegal to transfer data from the EEA to the U.S. What has changed is that the blanket permission for transatlantic data transfers from the EEA to Safe Harbor certified U.S. companies has fallen away. Nonetheless, alternative transfer mechanisms, in particular Binding Corporate Rules and Standard Contractual clauses may be relied upon for lawfully transferring data from the EEA to the U.S. Further, derogations such as consent and performance of…
On 19 November 2015, the French data protection authority (“CNIL”) published a set of guidelines and FAQs providing guidance to French businesses currently transferring, or planning to transfer, personal data from the EU to the U.S. What Options Are Available For Transferring Personal Data From France To the U.S.?CNIL expressly states that transferring personal data from France to the U.S. on the basis of Safe Harbor is no longer an option. It further confirms that, while…
This past year brought the rapid rise of ChatGPT and other generative AI platforms, accompanied by several noteworthy legal and regulatory developments. 2024 promises to continue with technology advances, making it a pivotal year for businesses navigating global data privacy and cybersecurity risks. Our Baker McKenzie Top 10 predictions for 2024 follow. AI-enhanced cyber threats will increase globally. Threat actors will continue to leverage AI for increasingly sophisticated attacks, exploiting new technologies to enable highly-personalized…