European high court invalidates privacy shield, but upholds standard contractual clauses for international data transfers under the GDPR.
The General Data Protection Regulation (GDPR), Europe’s restrictive data protection law, permits the transfer of personal data from the European Economic Area (EEA) to other countries only under limited circumstances. On July 16, 2020, the Court of Justice of the European Union (CJEU or Court) issued a highly anticipated decision in a case brought by Maximillian Schrems, an Austrian privacy advocate, who challenged Facebook Ireland’s reliance on standard contractual clauses (SCCs) as a legal basis for transferring his personal data to Facebook, Inc. in the United States (U.S.).
Read the full article here.