Schrems II, from Snowden to China: Toward a new alignment on transatlantic data protection
| Published date | 01 March 2020 |
| Date | 01 March 2020 |
| DOI | http://doi.org/10.1111/eulj.12370 |
| Author | Marc Rotenberg |
UN CERTAIN REGARD
Schrems II, from Snowden to China: Toward a new
alignment on transatlantic data protection
Marc Rotenberg
*
Abstract
When the Court of Justice announced the judgment in Schrems I, commentators described the out-
come as an "earthquake" that tossed aside the fragile legal framework for transatlantic data flows
known as the “Safe Harbor”. The judgment of the Court in Schrems II has now toppled the second
framework, the “Privacy Shield”. In this article, I restate recommendations to the US Congress fol-
lowing the first Schrems judgment: (1) enact a comprehensive privacy law, (2) establish an indepen-
dent data protection agency, and (3) ratify Council of Europe Convention 108. But I also explain
that the United States and Europe are more aligned today in the common enterprise of data protec-
tion than they were five years ago, as the backdrop has shifted from the disclosures of Edward
Snowden to the surveillance ambitions of the Chinese government. A common approach is there-
fore in the interests of these two key trading partners. There is also today shared urgency in
strengthening the foundations of democratic institutions.
1|SCHREMS I
I testified before the United States Congress in 2015 after the first Schrems judgment.
1
In my statement I explained
that the judgment of the Court of Justice was not surprising. For many years, scholars, members of the European
Parliament and consumer groups on both sides of the Atlantic had expressed concern about the Safe Harbor frame-
work, the legal basis for the transfer of personal data of Europeans to the United States. From the perspective of
Europeans, the data transfer agreement failed to provide the protections otherwise afforded by the EU Data
*
Marc Rotenberg is founder and director of the Center for AI and Digital Policy at the Michael Dukakis Institute for Leadership and Innovation. He is the
past President of the Electronic Privacy Information Center (EPIC). EPIC participated as expert amicus before the CJEU in Schrems II. Thanks to N.
Babazadeh, F. Bignami, E. De Capitani, K. Caunes, K. Irion, L. Kennedy, B. Kilic, M. Murphy, B. Petkova, O. Pollicino and G. Zanfir-Fortuna for helpful
comments.
1
M. Rotenberg, ‘Examining the EU Safe Harbor Decision and Impacts for Transatlantic Data Flows’, United States House of Representatives Energy &
Commerce Subcommittees on Commerce, Manufacturing, and Trade and Communications and Technology (3 November 2015), https://epic.org/privacy/
intl/schrems/EPIC-EU-SH-Testimony-HCEC-11-3-final.pdf. I raised similar concerns about Safe Harbor when I spoke before the LIBE Committee in 2012.
“Three studies of the Safe Harbor Framework, conducted in 2001, 2004, and 2008, found numerous deficiencies, with the most recent studyfinding that
‘the growing number of false claims made by organisations regarding the Safe Harbor represent a new and significant privacy risk to consumers.’” I also
explained, despite claims to the contrary, Facebook did not comply with the Safe Harbor Framework. M. Rotenberg, ‘The Reform of the EU Data
Protection Framework—BuildingTrust in a Digital and Global World’,EuropeanParliament Committee on Civil Liberties, Justice, and Home Affairs (10 October
2012), 9, 11 https://www.epic.org/privacy/Rotenberg_EP_Testimony_10_10_12.pdf.
DOI: 10.1111/eulj.12370
Eur Law J. 2020;26:141–152. wileyonlinelibrary.com/journal/eulj © 2020 John Wiley & Sons Ltd. 141
To continue reading
Request your trial