Kemp Little
  • Looking for someone?
  • Email us
  • Search
MENU MENU
Insights overview

Data protection & privacy · 9 July 2019 · Anita Bapat · Emma Wright · Matthew Gregson

Schrems déjà vu? Transfers of personal data once again in the regulatory spotlight

The validity of international transfer mechanisms which allow companies to transfer personal data outside of the EU, is once again the subject of consideration by… Read more

more content below

The validity of international transfer mechanisms which allow companies to transfer personal data outside of the EU, is once again the subject of consideration by the European Courts today. The complaint against Facebook’s trans-Atlantic data sharing practices originally raised in 2013, now comes before the European Court of Justice (“ECJ”) a second time as Facebook (the subject of the initial complaint) has exhausted its legal avenues to appeal or block the consideration.

Chief in issue, is whether the ability of data protection authorities to suspend or ban the transfer of personal data to companies potentially subject to mass surveillance by governmental authorities is sufficient to ensure the continued validity of the standard contractual clauses, and by implication the US Privacy Shield Framework. Such mechanisms form an essential part of the GDPR, allowing hundreds of thousands of companies to lawfully transfer personal data outside the EU.  The derogations are interpreted narrowly so the standard contractual clauses are by far the most common and pragmatic method of enabling transfers of personal data outside the EEA in order to be compliant with GDPR.

The case originates from a complaint by well-known privacy advocate Maximillian Schrems, who has alleged deficiencies in the international transfer frameworks in a challenge to Facebook’s practice of sharing user personal data to the US. The initial complaint to the Irish Data Protection Commissioner and Irish High Court, focused on fears of mass surveillance, raising concerns relating to the ability of US authorities to force big tech companies to share user personal data with the American security services. Mr Schrems previously rose to prominence following a successful referral of his post-Snowden data privacy complaint, and the subsequent (2015) collapse of the then International Safe Harbor Privacy Principles (Safe Harbor).

Should Mr Schrems be successful in his action against Facebook, the ruling by the ECJ has the potential to disrupt the data sharing practices of hundreds of thousands of companies and potentially creating walled gardens within the internet. Although the case relates to transfers to the US under the standard contractual clauses, the fact that clauses apply generally to all international transfers has already caused serious concerns amongst companies and other interested parties (as reflected in the number of parties involved in the case). Remaining compliant with the GDPR if the ECJ decides in Schrems favour will be a time-consuming process.  In the run up to GDPR, companies should have already assessed their data flows – it is now worth revisiting and identifying those processes, underlying infrastructure and areas of the business that are currently dependent on exporting personal data outside of the EEA and considering which systems are critical and if there are other data transfer mechanisms that may be suitable under the GDPR.

  • Share this blog

  • Twitter
  • Facebook
  • Linkedin

Need to talk about this?

Anita BapatAnita Bapat

Emma WrightEmma Wright

Matthew GregsonMatthew Gregson

Get in touch

Sign up for our newsletters

  • Share this Blog

  • Twitter
  • Facebook
  • Linkedin

Other stuff you might like


    Notice: Undefined variable: show_default in /home/kemplittle/test.kemplittle.com/wp-content/themes/kemplittle/single.php on line 349
  1. Podcast | DPO Update: ICO on direct marketing, scientific research opinion, CCTV and fines
  2. From Denmark with love: Our analysis of the new Danish standard contractual clauses
  3. Podcast | DPO Update: Joint controller status, cookies guidance, DP by Design and Default and latest fines
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
close
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
Kemp Little

Lawyers
and thought leaders who are passionate about technology

Expand footer

Kemp Little

138 Cheapside
City of London
EC2V 6BJ

020 7600 8080

hello@kemplittle.com

Services

  • Commercial technology
  • Consulting
  • Disputes
  • Intellectual property
  • Employment
  • Immigration

 

  • Sourcing
  • Corporate
  • Data protection & privacy
  • Financial regulation
  • Private equity & venture capital
  • Tax

Sitemap

  • Our people
  • Insights
  • Events
  • About us
  • Contact us
  • Cookies
  • Privacy
  • Terms of use
  • Compliants
  • Debt recovery charges

Follow us

  • Twitter
  • LinkedIn
  • FlightDeck
  • Sign up for our newsletters

Kemp Little LLP is a limited liability partnership registered in England and Wales (registered number OC300242) and is authorised and regulated by the Solicitors Regulation Authority. Its registered office is 138 Cheapside, London EC2V 6BJ. The SRA Standards and Regulations can be accessed by clicking here.

  • Cyber Essentials logo
  • Tech Nation logo
  • LORCA logo
  • ABTA Partner+ logo
  • Make Your Ask logo
  • FT Innovative Lawyers 2019 winners logo
  • Law Society Excellence Awards shortlisted
  • Legal Business Awards = highly commended
  • Home
  • Our people
  • Services
    • Commercial technology
    • Consulting
    • Corporate
    • Data protection & privacy
    • Disputes
    • Employment
    • Financial regulation
    • Immigration
    • Innovation
    • Intellectual property
    • Private equity & venture capital
    • Sourcing
    • Tax
  • Insights
  • Quick reads
  • Events
  • About us
    • Who we are
    • Our social responsibilities
    • Our partnerships
    • Join us
  • Contact us
  • FlightDeck
  • LORCA
  • Sign up for our newsletters
  • Follow us
    • Twitter
    • LinkedIn
close
close
close

Send us a message

Fill in your details and we'll be in touch soon


Notice: Trying to get property of non-object in /home/kemplittle/test.kemplittle.com/wp-content/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension.php on line 330

close

Sign up for our newsletter

I would like to receive updates and related news from Kemp Little *

Please select from the areas of interest below.

Themes

Services

Please select below any publications that you would like to receive:

Newsletters

close

Register for future event information

close
close
Looking for someone?
Generic filters
Exact matches only

Can't remember their name? View everyone

  • Home
  • Our people
  • Services
    • Commercial technology
    • Consulting
    • Corporate
    • Data protection & privacy
    • Disputes
    • Employment
    • Financial regulation
    • Immigration
    • Innovation
    • Intellectual property
    • Private equity & venture capital
    • Sourcing
    • Tax
  • Insights
  • Quick reads
  • Events
  • About us
    • Who we are
    • Our social responsibilities
    • Our partnerships
    • Join us
  • Contact us
  • FlightDeck
  • LORCA
  • Sign up for our newsletters
  • Follow us
    • Twitter
    • LinkedIn