EU-US Privacy Shield Invalidated by CJEU

Jul 22, 2020

A small bomb was just dropped in the GDPR landscape:

The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield

Standard contractual clauses (SCC) are still valid however, so I wonder how this will effectively improve EU residents condition, when even the processor in the US has limited or no effective recourse in their own legal system? 🤔

See "EU Privacy Shield Agreement made invalid" by David Cox for more details on the alternatives (user consent, SCC, corporate binding rules). Probably some work required to update our compliance documents and our privacy statements.

Sharing is caring!