On 16 July 2020, in what is known as the Schrems II case, the European Court of Justice ruled that the EU/US Privacy Shield data transfer mechanism is invalid. However, the Court validated Standard Contractual Clauses with the strong caveat that national Supervisory Authorities can invalidate them if they are poorly implemented.
Conor Hogan, Global Practice Director - Privacy at BSI, reviews the impact and implications of the European Court of Justice's decision on the 5000+ organizations that rely on the Privacy Shield for the transfer personal data between the EU and US and vice-versa.