Last Updated: September 2021
On July 16, 2020, the Court of Justice of the European Union handed out its decision on Case C311-18 Data Protection Commission vs. Facebook Ireland, Max Schrems. The historic ruling invalidated the EU-U.S. Privacy Shield framework and validated standard contractual clauses with an additional layer of requirements when exporting EU citizens’ data to a third country. The invalidation of Privacy Shield and the additional requirements for SCCs have created uncertainty for organizations using these data transfer mechanisms. In response, data protection authorities and government agencies are publishing initial guidance for how to handle the post-“Schrems II” data transfer world. This IAPP Resource Center page collects together DPA and government guidance as it comes out. The IAPP will continue to update this page as new guidance emerges.