ResourceCenter

Colloquial term for Maximillian Schrems v Data Protection Commissioner. See "Max Schrems." The case challenged the Irish DPC’s refusal to investigate a complaint by Max Schrems asking the DPC to suspend data transfers from Facebook Ireland to Facebook Inc. due to Mr. Schrems’ concern that the Snowden revelations suggested his personal data could be accessed by U.S. intelligence authorities and that his EU data protection rights would be violated. At the time, Facebook relied on the U.S.-EU Safe Harbor Framework as the legal basis for personal data transfers under the EU Data Protection Directive. The Irish High Court referred the case to the CJEU. In 2015, the CJEU ruled that the European Commission’s adequacy determination for the U.S.-EU Safe Harbor Framework was invalid, which led to the creation of the EU-U.S. Privacy Shield (see “EU-U.S. Privacy Shield”). In a separate case, often referred to as “Schrems II” (see “Schrems II”), the CJEU invalidated the European Commission’s adequacy determination for Privacy Shield after Schrems amended his complaint of Facebook Ireland to the Irish Data Protection Commissioner.