Reality and Illusion in EU Data Transfer Regulation Post Schrems
18 German Law Journal 881 (2017)
38 Pages Posted: 6 Mar 2016 Last revised: 8 Jul 2017
Date Written: July 7, 2017
The judgment of the Court of Justice of the European Union in Schrems v. Data Protection Commissioner, in which the Court invalidated the EU-US Safe Harbour arrangement, is a landmark in EU data protection law. The judgment affirms the fundamental right to data protection in the context of international data transfers, defines an adequate level of data protection, and illustrates how data protection rights under EU law can apply to data processing in third countries. It also raises questions about the status of other legal bases for international data transfers under EU law, and shows that many legal disputes concerning data transfers are essentially political arguments in disguise. The Schrems judgment illustrates the tendency of EU data protection law to focus on legalistic mechanisms to protect data transfers rather than on protection in practice. The EU and the US have since agreed on a replacement for the Safe Harbour (the EU-US Privacy Shield), the validity of which will likely be tested in the Court of Justice. Regulation of data transfers needs to go beyond formalistic measures and legal fictions, in order to move from illusion to reality.
Keywords: Data protection, privacy, European Court of Justice, Schrems, Privacy Shield, EU law, Internet privacy, international data transfers
Suggested Citation: Suggested Citation