20 Jul 2020

ECJ invalidates EU-US Privacy Shield on international personal data transfers

On 16 July the European Court of Justice (ECJ) decided to invalidate the EU-US personal data protection agreement (Privacy Shield), meaning that it is no longer available as a mechanism for legitimizing transfers of personal data from the EU/EEA to the US.

The ECJ also ruled that the European Commission's Standard Contractual Clauses ('SCCs') remain valid as a legal mechanism for transferring personal data outside the EU and the EEA. As of now, European companies will not be able to rely anymore on the fact that a company self-certifies as Privacy Shield Compliant. Instead, companies will need to use Standard Contractual Clauses (SCCs). In particular, the European Commission has approved Standard Contractual Clauses between an EU/EEA data controller to non-EU controller and from an EU controller to non-EU or EEA processor.

The European Commission has taken note of the ECJ decision and will consider restarting negotiations with the US government to find a new agreement to allow easier international data transfers between the EU and the US. Euralarm partner Orgalim released a short statement on the day of the judgment.

ECJ invalidates EU-US Privacy Shield on international personal data transfers

Related topics

You may also be interested in

Euralarm at Proteger: Leadership in standardization

Request for the consideration of products that explicitly serve to protect human life

Euralarm urges Commission to include smoke, carbon monoxide and gas alarms for exemption from Article 11(3) of the EU Batteries Regulation

Compliance Newsletter March 2024 available for download

Compliance Newsletter March 2024

Webinar How can Digitalization of Remote Services shape the Fire Industry?