On the 16 July 2020, the Court of Justice of the European Union ("CJEU") finally rendered its long-awaited judgement in the Case C-311/18, Data Protection Commissioner v Facebook Ireland & Schrems ("Schrems II") on the validity of Standard Contractual Clauses ("SCC") as a transfer mechanism for transferring personal data from the EU/ EEA to third countries under the General Data Protection Regulation ("GDPR"). In its decision, the CJEU considers that the Commission Decision 2010/87 on standard contractual clauses is valid. However, in its decision, the CJEU also ruled on the adequacy provided by the EU-US Data Protection Shield and invalidated the protection afforded by this Decision.
Swiss data protection law also uses the protection of the SCCs and the Privacy Shield as mechanisms for data transfers. Both in Switzerland and the EU many businesses rely heavily on the SCCs and the Privacy Shield for their data transfers to countries outside of the EU/EEA or Switzerland. As a result of the CJEU's judgement, businesses will need to take immediate action or be in breach of data protection laws. Find out in our blog what this landmark decision from the CJEU means for your business.