A few thoughts in preparation for the #CJEU decision on #SchremsII, which is now a week away and is bound to change the way we approach the restrictions on data transfers out of the EU which have been in the law for 25 years...

First of all, this decision is part of the @Snowden disclosures’ legacy, which shook Europe probably more than any other part of the world. So whatever happens, expect big statements about the need for government access to data to be NECESSARY and PROPORTIONAL in a democracy.

We’ll obviously get all the gory details next week, but I think it is beyond doubt that the #CJEU decision will be a game changer primarily for:

&data transfers
And
data transfers after #Brexit transition period

The viability of Standard Contractual Clauses (by far the most widely used mechanism to legitimise transfers) is at stake. Even if no invalidation happens, companies & regulators will be directly charged with demonstrably ensuring that any contracts in place deliver protection.

For companies, the Withdrawal Agreement means that #CJEU decisions still apply here, so transfers out of the UK will be affected despite #Brexit.
The effect after the Transition Period depends entirely on whether gets an adequacy finding for transfers by @EU_Commission

As to the #PrivacyShield, the focus will be on whether #CJEU regards government commitments as being in line with European law, so compliance with the framework by data importers may not deliver sufficient overall protection despite their efforts.

The bottom line is that everyone will need to act fast to:
Understand the effect of the decision
Assess the impact on their data transfers
Put in place remedial measures wherever the weaknesses are
Repeat the above on an ongoing basis