Reality and Illusion in EU Data Transfer Regulation Post Schrems

18 German Law Journal 881 (2017)

38 Pages Posted: 6 Mar 2016 Last revised: 8 Jul 2017

See all articles by Christopher Kuner

Christopher Kuner

Centre for Information and Innovation Law, University of Copenhagen; Centre for European Legal Studies; European Centre on Privacy and Cybersecurity, Maastricht University

Date Written: July 7, 2017

Abstract

The judgment of the Court of Justice of the European Union in Schrems v. Data Protection Commissioner, in which the Court invalidated the EU-US Safe Harbour arrangement, is a landmark in EU data protection law. The judgment affirms the fundamental right to data protection in the context of international data transfers, defines an adequate level of data protection, and illustrates how data protection rights under EU law can apply to data processing in third countries. It also raises questions about the status of other legal bases for international data transfers under EU law, and shows that many legal disputes concerning data transfers are essentially political arguments in disguise. The Schrems judgment illustrates the tendency of EU data protection law to focus on legalistic mechanisms to protect data transfers rather than on protection in practice. The EU and the US have since agreed on a replacement for the Safe Harbour (the EU-US Privacy Shield), the validity of which will likely be tested in the Court of Justice. Regulation of data transfers needs to go beyond formalistic measures and legal fictions, in order to move from illusion to reality.

Keywords: Data protection, privacy, European Court of Justice, Schrems, Privacy Shield, EU law, Internet privacy, international data transfers

Suggested Citation

Kuner, Christopher, Reality and Illusion in EU Data Transfer Regulation Post Schrems (July 7, 2017). 18 German Law Journal 881 (2017), Available at SSRN: https://ssrn.com/abstract=2732346 or http://dx.doi.org/10.2139/ssrn.2732346

Christopher Kuner (Contact Author)

Centre for Information and Innovation Law, University of Copenhagen ( email )

Studiestraede 6
Studiestrade 6
Copenhagen, DK-1455
Denmark

Centre for European Legal Studies ( email )

10 West Road
Cambridge, CB3 9DZ
United Kingdom

European Centre on Privacy and Cybersecurity, Maastricht University ( email )

P.O. Box 616
Maastricht, 6200
Netherlands

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
4,079
Abstract Views
12,486
Rank
4,662
PlumX Metrics