In July 2020, in a case known as Schrems II, the CJEU ruled that aspects of the U.S. national security legal framework did not meet European Union (EU) privacy requirements. The Court invalidated the EU-U.S. Privacy Shield, which had been the mechanism negotiated by the U.S. government and the European Commission under which thousands of businesses transferred personal data to the U.S. Although the Court upheld the validity of 鈥渟tandard contractual clauses鈥 for transferring data, it stated that it was the responsibility of data controllers, processors, and supervisory authorities to verify, on a case-by-case basis, whether the law of the destination country ensures adequate protection of personal data under EU law.
A great deal rides on finding a sustainable way forward Companies are developing and implementing 鈥渁dequate additional measures鈥 to safeguard data transfers. In addition, government institutions in the U.S. and the EU have been hard at work to respond to the ruling.听 But there is more to be done.
This project brings together U.S. and European experts and practitioners from the government, the private sector, and civil society to develop practical, actionable recommendations for ensuring the viability of transatlantic data flows in light of the Schrems II decision.听听
We recently launched听听(PAB)听to showcase our work with this project. This website hosts a听听with legal resources to understand the听Schrems II听case. PAB also publishes听听discussing issues and potential solutions to cross-border data transfers, especially those at the convergence of technology, privacy, and security.听听
Alex Joel, TLS Scholar-in-Residence and former chief privacy, civil liberties, and transparency officer for the Office of the Director of National Intelligence, is leading this project.听Shanzay Pervaiz听is the Senior Researcher supporting the project.听