This dissertation seeks to outline the implications of the CJEU judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems (Schrems II)on international data transfers, particularly for data transfers between the European Union and the United States. The Schrems II judgment has invalidated the Privacy Shield, making it the second data transfer mechanism between the EU and the US that the CJEU strikes down. It also leaves Standard Contractual Clauses (SCCs) as one of the only options for data transfers,creating significant burdens for companies/organizations to assess the laws and practices of third countries to be able to transfer data. The Schrems II decision, without a doubt, will change the relationship between global data flows and national security, and we have already started to see the legal uncertainties brought forward by the case. This dissertation aims to give an overview of the history of data protection laws in both the EU and the US, including differences in their approaches to data protection. It then examines the two Schrems cases and the invalidated transfer mechanisms, as well as the legal landscape for transfers after CJEU's last decision. Lastly, it discusses the impact of the decision on cross-border data flows, data privacy, surveillance, and national security, while trying to chart a path forward by examining possible solutions for the continuance of data transfers.
|Date of Award||5 Nov 2021|
- Universidade Católica Portuguesa
|Supervisor||Luís André Rodrigues Heleno Terrinha (Supervisor)|
- Data protection
- Mestrado em Direito Transnacional