The Court of Justice of the European Union (CJEU) declares invalid a decision of the European Commission which attested that the EU-U.S. Privacy Shield provided adequate protection to personal data transferred from the EU to the U.S., if the receiving party had self-certified its adherence to the Privacy Shield Principles. At the same time, the CJEU clarifies that the so-called standard contractual clauses (SCC) may still be used – with important caveats.
Click here to read the full GT Alert, “European Court of Justice Annuls EU-US Privacy Shield Framework.“