Data Transfers after Schrems II: The EU-US Disagreements Over Data Privacy and National Security
Vanderbilt Journal of Transnational Law, (2022) 55(1), pp. 1- 48
48 Pages Posted: 20 Apr 2021 Last revised: 18 Mar 2022
Date Written: April 14, 2021
In the long-awaited Schrems II decision, the Court of Justice of the European Union (CJEU) took a radical, although not an unexpected, step in invalidating the Privacy Shield Agreement which facilitated the European Union – United States data transfers. Schrems II illuminates the long-lasting international disagreements between the EU and USA over data protection, national security, and the fundamental differences between the public and private approaches to protection of human rights in data-driven economy and modern state. This article approaches the decision via an interdisciplinary lens of international law and international relations and situates it in a broader historical context. In particular, I rely on the historical institutionalist approach which emphasizes the importance of time and timing (also called sequencing) as well as institutional preferences of different actors to demonstrate that Schrems II decision further solidifies and cements CJEU’s principled approach to data protection, rejecting data securitization and surveillance in the post-Snowden era. Schrems II aims to re-balance the terms of international cooperation in data-sharing across the Atlantic and beyond. It is the outcome that the US tech companies and the government feared. Yet, they are not the only actors displeased with the decision. An institutionalist emphasis enables us to see that the EU is not a monolithic block, and Schrems II outcome is also contrary to the strategy and preferences of the EU Commission. The invalidation of the Privacy Shield will now (again) require either a reorientation of EU policy and priorities, or accommodation of the institutional preferences of its powerful political ally – the USA. The CJEU decision goes against the European Data Strategy, and places a $7.1 trillion transatlantic economic relationship at risk. Historical institutional analysis suggests the structural changes in the US legal system to address the inadequacies in the Schrems II judgment are unlikely. Therefore, the EU Commission will act quick to create a solution - another quick contractual ‘fix’ - to accommodate US exceptionalism and gloss over the decades of disagreement between the EU and USA over data protection, national security and privacy. When two powerful actors are unwilling to change their institutional preferences, ‘contracting out’ the protection of human rights in international law is the most convenient option.
Keywords: National Security, Surveillance, Privacy, Data Protection, EU Law, Court of Justice of EU, GDPR, Schrems, Facebook, Privacy Shield, International Data Transfers, Historical Institutionalism, International Relations, Human Rights
Suggested Citation: Suggested Citation