A Groundhog Day in Brussels: Schrems II and International Data Transfers

Tue 18 August 2020

The much anticipated Schrems II decision, delivered by the Court of Justice of the European Union (CJEU) on 16 July 2020, is almost a ‘reliving’ of its earlier decision in Schrems I: this time, the CJEU invalidated the (in)famous Privacy Shield ‘Privacy Shield’, which succeeded its predecessor Safe Harbour Decision (‘Safe Harbour’), which the same Court declared invalid back in 2015 in Schrems I. While the CJEU upheld the validity of the SCC Decision and the use of standard contractual clauses for international data transfers, it ruled that the National Data Protection Authorities must act where these clauses do not provide safeguards equivalent to the General Data Protection Regulation (‘GDPR’). Schrems II thus is the latest chapter in the continued ideological battle initiated by the CJEU against the ever-expanding US tech surveillance infrastructure — a tussle which shows no signs of abating. In this paper, we look at it all in more detail. Read More with hub members Genna Churches and Monika Zalnieriute

A Groundhog Day in Brussels: Schrems II and International Data Transfers

Submission to Senate Select Committee on Adopting AI

Submission on digital identity and digital identity (transitional and consequential provisions) bills

Submission to 2023-2030 Australian Cyber Security Strategy: Legislative Reforms