“And [they] built a crooked h[arbour]” – the Schrems ruling and what it means for the future of data transfers between the EU and US

Abstract

Safe Harbour (Henceforth, SH) has been the main enabler of EU-US personal data transfers since Decision 2000/520/EC came into force. Initially, Safe Harbour was seen as an innovative solution to a difficult problem. However, the problems the agreement was created to solve were never remedied. Thus, it did not come as a surprise that the Court of Justice of the European Union (hereinafter, CJEU), in Case C-362/14 (the Schrems ruling), deemed the agreement invalid. In the story “And he built a crooked house”, the infamous ‘crooked house’, designed by Robert A. Heinlein’s character Quintus Teal, mirrors SH’s flawed design. It also exemplifies the fact that great innovations can fail if not thought through carefully. Although the Schrems ruling’s scope does not go beyond Decision 2000/520/EC, it will force European Data Protection Agencies to look deeper into alternative data transfer mechanisms and possibly, consider transfers to jurisdictions other than the US. Furthermore, this decision highlights the fact that if any progress on this front is going to be made going forward regarding personal data transfers, any solution(s) would have to be made at a global level. This paper will provide an overview of the implications of the CJEU ruling on data transfers between the EU and the US going forward.