In one of the most highly anticipated court cases in data protection, the Court of Justice of the European Union announced via Twitter Thursday that case C-311/18 — Facebook Ireland and Schrems — will be delivered July 16. The so-called "Schrems II" case will decide whether standard contractual clauses are a valid means of transferring data under the EU General Data Protection Regulation. 

Last December, Court of Justice of the European Union Advocate General Henrik Saugmandsgaard Øe released his non-binding opinion of the case.

Though the opinion did not call for invalidation of SCCs, Fennessy noted that "the opinion perpetuates the uncertainty that has plagued data transfers for at least a decade. That is because the opinion suggests that companies and data protection authorities should assess the sufficiency of foreign countries' national security protections on a case-by-case basis." 

ADVERTISEMENT

Cassie IAPP Leaderboard - Future-proofing your data, 2025 and beyond

According to

Fennessy said at the time, "If the full court follows the direction of the advocate general, it would preserve the European Commission’s adequacy determination for Privacy Shield, while still calling the sufficiency of its protections in the national security sphere into question. That may lead Privacy Shield participants to consider a belt-and-suspenders approach in which they sign model contracts, as well." 

Photo by Elena Mozhvilo on Unsplash