- Why Us?
- White Label
Schrems II is the name given to an ECJ (European Court of Justice) case that was based on the fact that US companies cannot ensure adequate standards for personal data protection. As a consequence, personal data transfer between the EU and the US became illegal and the Privacy Shield agreemnt between them was rendered obsolete.
Schrems II is the generic name given to a case at the European Court of Justice, which ruled in favor of Max Schrems and led to the invalidation of the EU-US Privacy Shield, on July 16, 2020. This led to the fact that it became illegal for any type of data processor to use services from the USA, that would give those services access to the personal data of EU citizens, without fully explaining the risks. The consequences were very serious, so much as for some major US companies (e.g. Facebook) to consider interrupting their business in the EU altogether.
A previous case, known as Schrems I, started by the same person, had been at the origin of a similar outcome in 2015. The decision of the ECJ in the Schrems II case, was based on the argument that, especially due to US legislation like the CLOUD Act, there is no way to guarantee the privacy of personal data if they are handled by US companies. Federal agencies using a warrant could always force data processors like Google or Facebook to disclose personal information about users, without any consent from them. It does not matter where the servers containing the data are physically placed. Therefore, any EU citizen accessing a website hosted in the US, or any website that uses third party apps managed by US companies (e.g. Google Analytics), needs to be properly informed about all the legal implications of the data transfer, as well as all the risks.
For more details on the consequences of Schrems II, you can read this overview. In summary, they are: