The lengthy Schrems II case decided by the Irish High Court in October 2017 left open which questions would be referred to the Court of Justice of the European Union. Those 11 questions have now been published by the court, and standard contractual clauses, as well as possibly Privacy Shield, will become subject to review by the CJEU. There are two important caveats in considering the possible impact of these questions. Even if the CJEU overturns the validity of SCCs, the European Commission and data protection authorities have powers under the EU General Data Protection Regulation to fashion new SCCs, so the court case will not be the final word on the matter any more than the invalidation of the Safe Harbor in Schrems I stopped the use of self-certification mechanisms to transfer personal data from the EU to the U.S. In this exclusive for The Privacy Advisor, Thomas Shaw, CIPP/E, CIPP/US, discusses the court's 11 essential questions, in layman's terms. Editor's Note: Shaw is the author of the IAPP's "DPO Handbook."
If you want to comment on this post, you need to login.