Skip to content

Discerning Data

  • About Us
  • Additional Resources
  • Contact Us

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

  • Privacy
  • Cybersecurity
  • Data Strategy
  • Disruptionware

Irish High Court Refers Future of EU Model Clauses to CJEU

Share

On October 3, 2017, the Irish High Court referred Data Protection Commissioner v. Facebook Ireland Limited & Maximilian Schrems to the Court of Justice of the European Union (CJEU), where the future of standard contractual clauses (SCCs) will be decided (here).

In December 2015—following the CJEU’s landmark decision in Maximillian Schrems v. Data Protection Commissioner invalidating the U.S.-EU Safe Harbor framework—Schrems amended his original complaint to the Irish Data Protection Commissioner (DPC), challenging the validity of data transfers to the U.S. based on the European Commission approved SCCs (available here).  Based on the CJEU’s Schrems decision, the Irish DPC petitioned the Irish High Court asking to refer the matter to the CJEU for ruling on the question of whether the European Commission’s SCC decisions are valid under European law.  Specifically, the Data Protection Commissioner questioned whether there is an effective remedy under U.S. law compatible with the requirements of Article 47 of the EU Charter of Fundamental Rights for an EU citizen whose data is transferred to the U.S., where such data is subject to electronic surveillance by U.S. agencies for national security purposes. EU  citizens  have  a  right  guaranteed  by  Article  47  of  the  Charter  to  an  effective remedy before an independent tribunal if their rights or freedoms are violated. These include the rights under Articles 7 and 8 to respect for private and family life and protection of personal data.

The CJEU will now have to decide the validity of SCCs as a basis for data transfer from the EU to the U.S. and elsewhere.  A ruling by the CJEU could take as long as two years to deliver. Amongst the possible outcomes are that the Court could ultimately find the SCCs valid as-is; it could find them invalid as-is but recommend ways to fix them; it could find that EU data protection authorities must assess the adequacy of the SCCs on a case-by-case basis; or it could find that private contractual clauses – and potentially other data transfer mechanisms as well – do not provide adequate data protection in the context of transfers to certain jurisdictions (like the U.S.) and that the only remedy to this is a political solution (e.g., an agreement by the foreign government to grant EU data subjects certain rights). This last potential outcome could also impact the continued validity of the Privacy Shield framework for transfers of personal data from the EU to the U.S.

These developments in this case come just after the European Commission and U.S. Department of Commerce completed their first annual review of the Privacy Shield framework (press release here). While the formal report of this review is not expected until the second half of October, statements from Commission officials and European data protection authorities at the 39th International Conference of Data Protection and Privacy Commissioners have suggested that the report will be favorable. For organizations transferring data from the EU to the U.S., relief as to the outcomes of the first annual Privacy Shield review may well be overshadowed by longer term concerns as to how the CJEU might approach this important case.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Peter Blenkinsop

Peter Blenkinsop advises clients on regulatory compliance, focusing on two distinct but overlapping areas: (i) information privacy and data protection, and (ii) medical research. View Peter's full bio on the Faegre Drinker website.

About the Author: Jeremiah Posedel

Jeremiah is a partner in the firm's Government & Regulatory Affairs group. Read Jeremiah's full bio on the Faegre Drinker website.

Receive Email Alerts to New Articles

SUBSCRIBE

October 4, 2017
Written by: Peter Blenkinsop and Jeremiah Posedel
Category: EU, Privacy
Tags: CJEU, Data Protection, DOC, EU, International, Privacy Shield

Post navigation

Previous Previous post: Mark your calendars! FTC Workshop on Information Injury set for December
Next Next post: A Top-5 Panel Round-up of the Mobile World Congress Americas

Search the Blog

Sign Up for Email Alerts

PODCASTS

Faegre Drinker on Law and Technology

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Additional Resources
  • Contact Us
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT