News Archives

Tuesday, May 31, 2016

Chicken Little May be Right

The sky may indeed be falling, with the May 25 report that the Irish Data Protection Commissioner was referring the question of the validity of standard contractual clauses as a basis for data transfers to countries lacking an adequate level of data protection to Europe’s top court, the Court of Justice of the European Union (CJEU).  Once again, it is Max Schrems’ complaint against Facebook, which led to the court’s invalidation of the Safe Harbor framework last October, that is driving the referral.  Most observers agree with Schrems that the lack of protection for personal data stemming from U.S. government surveillance of data transferred under Safe Harbor applies equally well to data transferred under model contracts.  

CJEU invalidation of the use of standard contractual clauses for data transfers to the U.S. would exponentially increase the risks of profound disruptions in international business, since it is widely believed that more companies, and certainly larger companies, rely upon such clauses than upon Safe Harbor as the legal basis for their data transfers.  In addition, model contracts are the chief mechanism used by European companies to transfer personal data to third countries around the world.  A CJEU ruling that standard contractual clauses cannot be utilized without consideration of the recipient country’s surveillance practices could jeopardize far more than business relationships with the United States.

And if model contracts go, can Binding Corporate Rules be far behind?  Or consent?  We live in interesting times.  Hang on!

No comments:

Post a Comment