'Contracting Out' Human Rights in International Law: Schrems II and the Fundamental Flaws of U.S. Surveillance Law
Harvard International Law Journal Online (2020)
9 Pages Posted: 28 Aug 2020
Date Written: August 2020
In the midst of the COVID-19 pandemic, on July 16, 2020, the Court of Justice of the European Union (“CJEU”) in Luxembourg handed down a long-awaited judgement on international data transfers in the Schrems II case. The Court found U.S. law does not provide the “essentially equivalent” protection for personal data to that guaranteed by EU law, and invalidated the key mechanism for EU-United States data transfers, Privacy Shield, for the second time in a decade. The CJEU generally upheld the validity of another legal basis for international data transfers—Standard Contractual Clauses (“SCCs”) but implied these clauses are not an avenue for continued transfers of personal data from the EU to the United States. Schrems II is a win for human rights in the EU and beyond, yet, the long-term political impact of this judgement in securing human rights in the digital economy is less certain in light of the $7.1 trillion transatlantic economic relationship at stake. The U.S. government maintains that the protection under its national security laws “meets” and “exceeds” the safeguards “in foreign jurisdictions, including Europe,” suggesting that structural changes in the U.S. legal system are unlikely. Instead, the European Commission (“EC”) and U.S. Department of Commerce may soon carve out another solution for EU companies to “contract out” the protection for human rights where public authorities are unwilling to ensure it.
Keywords: Data protection, privacy, GDPR, international data transfers, human rights, international law, contracts, Privacy Shield, Schrems, Facebook, national security, surveillance, PRISM, EU, USA
Suggested Citation: Suggested Citation