A few thoughts in preparation for the #CJEU decision on #SchremsII, which is now a week away and is bound to change the way we approach the restrictions on data transfers out of the EU which have been in the law for 25 years...
First of all, this decision is part of the @Snowden disclosures’ legacy, which shook Europe probably more than any other part of the world. So whatever happens, expect big statements about the need for government access to data to be NECESSARY and PROPORTIONAL in a democracy.
We’ll obviously get all the gory details next week, but I think it is beyond doubt that the #CJEU decision will be a game changer primarily for:
&

data transfers
And


data transfers after #Brexit transition period




And



The viability of Standard Contractual Clauses (by far the most widely used mechanism to legitimise transfers) is at stake. Even if no invalidation happens, companies & regulators will be directly charged with demonstrably ensuring that any contracts in place deliver protection.
For
companies, the Withdrawal Agreement means that #CJEU decisions still apply here, so transfers out of the UK will be affected despite #Brexit.
The effect after the Transition Period depends entirely on whether
gets an adequacy finding for
transfers by @EU_Commission

The effect after the Transition Period depends entirely on whether


As to the #PrivacyShield, the focus will be on whether #CJEU regards
government commitments as being in line with European law, so compliance with the framework by data importers may not deliver sufficient overall protection despite their efforts.

The bottom line is that everyone will need to act fast to:
Understand the effect of the decision
Assess the impact on their data transfers
Put in place remedial measures wherever the weaknesses are
Repeat the above on an ongoing basis



