Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.



Guidance notes for responding to ‘Schrems II’

Published: July 2020

Contributors: Amy de La Lama, Elisabeth Dehareng, Lothar Determann, Michael Egan, Lukas Feiler, Joanna de Fonseka, Francesca Gaudino, Brian Hengesbaugh, Julia Kaufmann, Brandon Moseberry, Michaela Nebel, Wouter Seinen, Florian Tannen, Harry Valetk

In response to the Court of Justice of the European Union’s historic ruling July 16, 2020, on the so-called “Schrems II” court case, members from Baker McKenzie shared a series of guidance notes on what the decision means for companies that rely on EU-U.S. Privacy Shield, controller-to-processor standard contractual clauses, SCCs for transfers to controllers, derogations/exceptions to transfer restrictions, and binding corporate rules, as well as for Brexit and what companies can expect with the road ahead on these issues.

  • Part 1: What Privacy Shield organizations should do
  • Part 2: Controller-to-processor SCCs
  • Part 3: Data transfers and Brexit
  • Part 4: Impact on controller-to-controller SCCs
  • Part 5: BCRs as a robust alternative
  • Part 6: Impacts on companies that rely on derogations
  • Part 7: Technology, media and telecommunications services
  • Part 8: Predictions for the road ahead after ‘Schrems II’
Tags: Europe, U.S., Privacy Law, Privacy Research, Transborder Data Flow
Related Stories
The impact of the CJEU’s decision on 'Schrems II'
Published: July 2020Click To View (PDF)Click To View (JPG) The Court of Justice of the European Union declared the EU-U.S. Privacy Shield arrangement is invalid. However, it did uphold the validity of standard contractual clauses, with a caveat: the third country to which EU data is transferred m...
Read More
7 predictions for the road ahead after 'Schrems II'
It's difficult to believe that it has only been a short time since the Court of Justice of the European Union invalidated the European Commission adequacy finding for the EU-U.S. Privacy Shield on July 16, 2020. So much has changed.  In this final note in the series, we provide seven predictions fo...
Read More
What 'Schrems II' means for companies that rely on derogations
1
Starting with a good note: The "Schrems II" judgment does not lead to significant negative implications for companies that rely on the derogations the EU General Data Protection Regulation provides for international data transfers through Article 49. The Court of Justice of the European Union's jud...
Read More