In the wake of growing data protection concerns around the turn of the century, a framework dubbed “Safe Harbor” was agreed between the EU and the US in 2000, which essentially permitted transatlantic free-flow of personal data.
Towards the end of 2015, as a result of one of several legal challenges brought by prolific Austrian privacy campaigner Max Schrems, the European Court of Justice declared the Safe Harbor framework invalid on the grounds that it did not provide adequate safeguards for personal data.
Following the landmark judgment, the relevant data protection bodies hurriedly created a replacement framework which was adopted by the European Commission in July 2016 – the EU-US Privacy Shield. This purportedly beefed up protections for the personal data of EU citizens, tightened safeguards and introduced more effective methods of redress for individuals.
But the tenacious Herr Schrems has lodged a fresh legal challenge over standard contractual clauses, which companies use to transfer customer data between their various geographical hubs. Although not a direct challenge to Privacy Shield, it has been reported that a court hearing in July 2019 asked a series of questions about the legality of the replacement framework. Furthermore, it is understood that a separate hearing on Privacy Shield was recently postponed to await the outcome of the case on standard contractual clauses. Commenting, Mac Schrems said: “There is fundamentally a clash between surveillance laws in the US and privacy rules in Europe … We’re in a debate about who governs the internet. Europe governs privacy, but the US governs surveillance.”