Abstract

CJEU invalidated the Safe Harbor and stated that, in order to be “adequate”, the level of data protection offered by the third country should be “essentially equivalent” to that being offered in the EU

  • also see: Schrems II
  • The Commission had declared data transfers to the US legal under Article 25(6) of the Data Protection Directive 95/46 (Directive 95/46) when complying with safe-harbor regime by Decision 2000/520 (the Adequacy Decision) finding the US’s protection of personal data adequate if the recipients adhered to so called safe harbor privacy principles
  • 2013: Schrems complained to the Irish Data Protection Commissioner (DPC) seeking to prohibit these transfers, claiming that the US did not have an adequate level of protection
  • more: Schrems I

Related: C-311 18 Schrems II