On Thursday, Court of Justice of the European Union Advocate General Henrik Saugmandsgaard Øe released his opinion in the so-called "Schrems II" case, reaffirming the sufficiency of standard contractual clauses, but calling into question U.S. protections for personal data in the national security context. "While companies around the world will likely breathe a momentary sigh of relief that the CJEU seems ready to preserve the mechanism on which the vast majority rely to transfer data globally, the opinion perpetuates the uncertainty that has plagued data transfers for at least a decade," writes IAPP Research Director Caitlin Fennessy, CIPP/US. "That is because the opinion suggests that companies and data protection authorities should assess the sufficiency of foreign countries’ national security protections on a case-by-case basis." In this post for Privacy Tracker, Fennessy breaks down what the nonbinding opinion says and means.
If you want to comment on this post, you need to login.