| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 1.09 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
This dissertation seeks to outline the implications of the CJEU judgment in Case C-311/18
Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems (Schrems II)
on international data transfers, particularly for data transfers between the European Union and
the United States. The Schrems II judgment has invalidated the Privacy Shield, making it the
second data transfer mechanism between the EU and the US that the CJEU strikes down. It
also leaves Standard Contractual Clauses (SCCs) as one of the only options for data transfers,
creating significant burdens for companies/organizations to assess the laws and practices of
third countries to be able to transfer data. The Schrems II decision, without a doubt, will change
the relationship between global data flows and national security, and we have already started
to see the legal uncertainties brought forward by the case. This dissertation aims to give an
overview of the history of data protection laws in both the EU and the US, including differences
in their approaches to data protection. It then examines the two Schrems cases and the
invalidated transfer mechanisms, as well as the legal landscape for transfers after CJEU's last
decision. Lastly, it discusses the impact of the decision on cross-border data flows, data
privacy, surveillance, and national security, while trying to chart a path forward by examining
possible solutions for the continuance of data transfers.
Description
Keywords
Data protection Surveillance Privacy