Standard Contractual Clauses for Data Privacy Protection to be Reviewed by the Court of Justice of the European Union
By Matthew Verga, JD, Xact Data Discovery
In a potentially landmark case, the CJEU will consider the sufficiency of Standard Contractual Clauses for data transfers from the EU to the US
In 2013, public revelations about the US National Security Agency’s surveillance practices raised concerns for many EU citizens, including Max Schrems, over US government access to personal data being held by US organizations. Schrems initiated a lawsuit in Ireland taking the position that US laws and the Safe Harbor program then in place did not adequately protect his personal data held by Facebook from unacceptable “mass transfers” to the US government for the purposes of that surveillance. The case eventually resulted in the Court of Justice of the European Union (“CJEU”) issuing a ruling invalidating the Safe Harbor program in October 2015.