Advocate General: Standard contractual clauses for the transfer of personal data to processors established in third countries is valid
The General Data Protection Regulation (GDPR), like the Data Protection Directive which it replaced, provides that personal data may be transferred to a third country if that country ensures an adequate level of protection of the data. In the absence of a decision of the Commission finding that the level of protection ensured in the third country in question is adequate, the data controller may nevertheless proceed with the transfer if it is accompanied by appropriate safeguards. Those safeguards may take the form, inter alia, of a contract between the exporter and the importer of the data containing standard protection clauses set out in a Commission decision. By Decision 2010/87/EU, the Commission established standard contractual clauses for the transfer of personal data to processors established in third countries. The present case concerns the validity of that decision.
The facts and the background to the dispute in the main proceedings
The dispute in the main proceedings has its origins in the proceedings initiated by Mr Maximillian Schrems, an Austrian Facebook user, which gave rise to a judgment of the Court of Justice delivered on 6 October 2015 (‘the judgment in Schrems’).
The data of Facebook users residing in the EU, such as Mr Schrems, are transferred, in full or in part, from Facebook Ireland, the Irish subsidiary of Facebook Inc., to servers located in the United States, where they are processed. In 2013, Mr Schrems lodged a complaint with the Irish authority responsible for monitoring the application of the provisions relating to the protection of personal data (‘the supervisory authority’), taking the view that, in the light of the revelations made by Edward Snowden concerning the activities of the United States intelligence services (in particular the National Security Agency or ‘NSA’), the law and practices of the United States do not offer sufficient protection against surveillance, by the public authorities, of the data transferred to that country. The supervisory authority rejected the complaint, on the ground, inter alia, that in a decision of 26 July 2000 the Commission had considered that, under the ‘safe harbour’ scheme,6 the United States ensured an adequate level of protection of the personal data transferred.
Latest News from
ESMA Publishes Annual Peer Review of EU CCP Supervision09/04/2021 11:10:00
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, yesterday published its annual peer review report on the supervision of EU Central Counterparties (CCPs) by National Competent Authorities (NCAs).
ESMA Report Highlights Liquidity Concerns For Alternative Investment Funds08/04/2021 15:20:00
The European Securities and Markets Authority (ESMA), the EU securities regulator, today publishes its third annual statistical report on the Alternative Investment Fund (AIF) sector.
ESMA Publishes Draft Regulatory Technical Standards on Changes to CCPS’ Activities And Models08/04/2021 13:25:00
The European Securities and Markets Authority, the EU’s securities markets regulator, today published its Final Report containing draft regulatory technical standards (RTS) relating to changes to central counterparty (CCP) services and activities, as well as models and parameters under the European Markets Infrastructure Regulation (EMIR).
Joint Statement by Commissioner Reynders and Yoon Jong In, Chairperson of the Personal Information Protection Commission of the Republic of Korea30/03/2021 15:25:00
In their call today, Commissioner for Justice Didier Reynders and Chairperson of the Personal Information Protection Commission Yoon Jong In welcomed the successful conclusion of the adequacy talks between the European Union and the Republic of Korea.
Speech by President von der Leyen at the High-level meeting on the international debt architecture and liquidity30/03/2021 13:25:00
Speech given yesterday by President von der Leyen at the High-level meeting on the international debt architecture and liquidity.
EU values explained in one minute30/03/2021 10:38:00
What are the six core values the European Union is based upon and how do they translate into our daily lives?
COVID-19: EU helps to deliver vaccines to Moldova and medical items to Montenegro and North Macedonia30/03/2021 09:25:00
The EU is supporting Romania in delivering 50,400 doses of vaccines to Moldova in response to the COVID-19 pandemic.
Speech by Commissioner Reynders at American Chamber of Commerce on the Digital Transatlantic Economy29/03/2021 16:33:00
Speech given recently (26 March 2021) by Commissioner Reynders at American Chamber of Commerce on the Digital Transatlantic Economy.