Advocate General: Standard contractual clauses for the transfer of personal data to processors established in third countries is valid
The General Data Protection Regulation (GDPR), like the Data Protection Directive which it replaced, provides that personal data may be transferred to a third country if that country ensures an adequate level of protection of the data. In the absence of a decision of the Commission finding that the level of protection ensured in the third country in question is adequate, the data controller may nevertheless proceed with the transfer if it is accompanied by appropriate safeguards. Those safeguards may take the form, inter alia, of a contract between the exporter and the importer of the data containing standard protection clauses set out in a Commission decision. By Decision 2010/87/EU, the Commission established standard contractual clauses for the transfer of personal data to processors established in third countries. The present case concerns the validity of that decision.
The facts and the background to the dispute in the main proceedings
The dispute in the main proceedings has its origins in the proceedings initiated by Mr Maximillian Schrems, an Austrian Facebook user, which gave rise to a judgment of the Court of Justice delivered on 6 October 2015 (‘the judgment in Schrems’).
The data of Facebook users residing in the EU, such as Mr Schrems, are transferred, in full or in part, from Facebook Ireland, the Irish subsidiary of Facebook Inc., to servers located in the United States, where they are processed. In 2013, Mr Schrems lodged a complaint with the Irish authority responsible for monitoring the application of the provisions relating to the protection of personal data (‘the supervisory authority’), taking the view that, in the light of the revelations made by Edward Snowden concerning the activities of the United States intelligence services (in particular the National Security Agency or ‘NSA’), the law and practices of the United States do not offer sufficient protection against surveillance, by the public authorities, of the data transferred to that country. The supervisory authority rejected the complaint, on the ground, inter alia, that in a decision of 26 July 2000 the Commission had considered that, under the ‘safe harbour’ scheme,6 the United States ensured an adequate level of protection of the personal data transferred.
Latest News from
ESMA Consults on Fees For Benchmarks Administrators28/09/2020 09:25:00
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, recently (25 September 2020) launched a consultation on fees for benchmarks administrators under the BMR.
Statement by Executive Vice-President Margrethe Vestager on the Commission's decision to appeal the General Court's judgment on the Apple tax State aid case in Ireland25/09/2020 15:25:00
Statement given by Executive Vice-President Margrethe Vestager on the Commission's decision to appeal the General Court's judgment on the Apple tax State aid case in Ireland.
Why is Parliament calling for new EU revenue-raising powers?25/09/2020 14:33:00
Parliament is calling for new EU revenue sources to invest in Europe’s future and support the Covid-19 recovery without burdening taxpayers.
Hong Kong: Statement by the Spokesperson on the arrest of Joshua Wong and other pro-democracy activists25/09/2020 13:25:00
The arrest of Hong Kong pro-democracy activist Joshua Wong on 24 September is the latest in a troubling series of arrests of pro-democracy activists since the summer.
ESMA Consults On MIFIR Reference Data And Transaction Reporting25/09/2020 12:38:00
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, yesterday launched a Consultation Paper (CP) reviewing the reference data and transaction reporting obligations under the Market in Financial Instruments Regulation (MiFIR).
MEPs question whether the new Migration Pact will bring about real change25/09/2020 11:33:00
The new Migration Pact is insufficient for the majority of EP groups. Some demand compulsory relocation of refugees; others want a firmer stance on irregular arrivals.
Questions and Answers: Coronavirus and the EU Vaccines Strategy25/09/2020 09:25:00
On 17 June, the European Commission presented a European strategy to accelerate the development, manufacturing and deployment of vaccines against COVID-19.
European Centre for Disease Prevention and Control's new risk assessment shows need to step up coronavirus response in the EU24/09/2020 17:02:00
Today, the European Centre for Disease Prevention and Control (ECDC) published its updated risk assessment regarding the COVID-19 pandemic, alongside a set of guidelines for non-pharmaceutical interventions (such as hand hygiene, physical distancing, cleaning and ventilation).
Artificial intelligence: threats and opportunities24/09/2020 16:33:00
Artificial intelligence (AI) affects our lives more and more. Learn about the opportunities and threats for security, democracy, businesses and jobs.