Privacy.Minded. - Data Transfer Turmoil: In Schrems II, Europe’s Top Court Invalidates Privacy Shield And Casts Doubt On U.S. Companies’ Ability To Rely On Standard Contractual Clauses

Travis Brennan, Chair of Stradling’s Privacy and Data Security practice and Katie Beaudin an associate in Stradling’s Business Litigation practice group authored the next alert under Stradling’s new Privacy.Minded. banner, “Data Transfer Turmoil: In Schrems II, Europe’s Top Court Invalidates Privacy Shield And Casts Doubt On U.S. Companies’ Ability To Rely On Standard Contractual Clauses."

• While invalidation of the Privacy Shield is significant, the Court’s holding concerning Standard Contractual Clauses may be more consequential for the many US companies that rely on them.

• The Court confirmed the general validity of SCCs for transferring data outside of the EU, but held that use of SCCs, without more, will not always be an adequate safeguard, particularly when the data importer is in the US or another country that gives law enforcement expansive surveillance powers.

• US companies, particularly those in certain regulated industries, should re-assess the safeguards they rely upon for each EU data transfer relationship and consider whether changes to safeguards, or the transfers themselves, are warranted.