Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Lawscot Foundation

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

  1. Home
  2. News and events
  3. Legal news
  4. European Court of Justice rules Privacy Shield unlawful

European Court of Justice rules Privacy Shield unlawful

16th July 2020

The Court of Justice of the European Union (CJEU)  has ruled that the Privacy Shield scheme for transfers of personal data from the EU to the United States is unlawful. 

However, it has upheld the validity of the Standard Contractual Clauses scheme, thereby providing a safety net for transatlantic business.   

The Privacy Shield was negotiated with the US Department of Commerce between 2015 and 2016 to remedy the collapse of its predecessor, the Safe Harbour agreement, in 2015.  

Behind the legal challenge to Privacy Shield and Safe Harbour were the implications of Edward Snowden's 2013 disclosures about mass surveillance by national security and law enforcement agencies in the United States. 

The core argument in both cases was that companies such as Facebook Ireland cannot ensure adequate privacy protections for users in Europe with respect to their personal data sent to Facebook Inc in the United States, due to the different nature of the US legal system's rules on national security, privacy and data protection.   

The collapse of the Privacy Shield is likely to have massive implications for transatlantic relationships, but the CJEU upheld the Standard Contractual Clauses framework for international transfers, meaning that a workaround exists for organisations to ensure their data flows to the United States are lawful. The Standard Contractual Clauses can also be used to maintain data flows with other countries outside of Europe. 

Commenting, Stewart Room, Global Head of Data Protection and Cyber Security at DWF, said: "This judgment is the second major blow delivered to the US privacy and data protection legal framework by the EU Court of Justice relating to the Snowden disclosures and in today's climate of unstable transatlantic political relationships, it is unlikely to meet with approval in the US. However, this is not just a US problem. Twice now the European Commission has tried to reach an agreement with the US on data protection, only to have its efforts ruled unlawful. There needs to be a different mindset to how the challenges of international transfers to the US are met, because failed schemes like this have significant impacts for individuals and for businesses.   

"Fortunately, there are workarounds to maintain data flows to the US, which include the Standard Contractual Clauses. This means that adjustments can be made where necessary, to keep data flows to the US alive. 

"However, businesses will be asking themselves 'what is next'? There are other countries that pose challenges to privacy rights and data protection and they raise obvious questions about the potential for other legal action."

 

Add To Favorites

Additional

  • News and events

In this section

  • Law Society news
  • CPD & Training
  • Blogs & opinions
  • Events
  • 75th Anniversary

Categories

  • civil litigation
  • criminal law
  • employment
  • obituary
  • careers
  • practice management
  • law society of scotland
  • government-administration
  • welfare/benefits
  • family-child law
  • reparation
  • professional regulation
  • property (non-commercial)
  • insolvency
  • consumer
  • human rights
  • mental health-adult incapacity
  • planning/environment
  • europe
  • information technology
  • immigration
  • education-training
  • executries
  • corporate
  • commercial property
  • agriculture-crofting
  • dispute resolution
  • risk management
  • intellectual property
  • client relations
  • tax
  • licensing
  • banking-financial services
  • trusts-asset management
  • reviews
  • opinion
  • For the public
  • Research and policy
  • Regulation
  • Journal online news
  • interview

News Archive

  • 2023
  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014
  • 2013
Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited