Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Ireland: DPC questions future validity of SCCs as transfer mechanism to US in light of Schrems II judgment

The Data Protection Commission ('DPC') issued, on 16 July 2020, its statement ('the Statement') on the Court of Justice of the European Union's ('CJEU') judgment ('the Judgment') in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('the Schrems II Case'). In particular, the DPC welcomed the Judgment as it provided clarity regarding the allocation of responsibility between data controllers and national supervisory authorities when it comes to ensuring that the rights of EU citizens are protected in the context of EU-US data transfers. Furthermore, the DPC noted that it had commenced these proceedings in 2016 because it was concerned that the CJEU's Safe Harbour judgment of 2015 was to be understood as indicating that, for reasons associated with the structure of the legal system in operation in the US, EU-US data transfers were inherently problematic, regardless of the legal mechanism by which such transfers were conducted. In addition, the DPC stated that it had commenced the proceedings specifically in order to secure a decisive statement of position from the CJEU in relation to when an EU citizen's personal data is transferred to the US.

Moreover, the DPC outlined that the CJEU also agreed with the its view that, whichever mechanism is used to transfer data to a third country, the protection afforded to EU citizens in respect of that data must be essentially equivalent to that which is enjoyed within the EU.

Finally, the DPC highlighted that the CJEU had ruled that the Standard Contractual Clauses ('SCCs') transfer mechanism used to transfer data to countries worldwide is, in principle, valid, although, in practice, the application of the SCCs transfer mechanism to transfers of personal data to the US is now being questioned. This is an issue that will require further and careful examination, not least because assessments will need to be made on a case by case basis.

You can read the Statement here.