Understanding Data Transfers Under The Gdpr Onetrust One Trust by Onetrust / One Trust instant download after payment.

The interaction between EU data protection laws and
international data transfers, especially to the United
States, has been central to how this story has played
out.
In 2013, the Schrems I Case was initiated by Austrian
privacy activist Max Schrems. Schrems filed a
complaint against Facebook Ireland for transferring
data to the US, alleging inadequate protection against
surveillance by US authorities. This case led to the
Court of Justice of the European Union (CJEU)
invalidating the US-EU Safe Harbor framework in
2015, which until then, had been a key mechanism for
legitimizing data transfers from the EU to the US. 

The introduction of GDPR which came into effect
in May 2018, brought a comprehensive overhaul
to EU data protection laws. It introduced strict
requirements for transferring personal data out of
the EU, emphasizing the need for an adequate level of
protection or specific safeguards, such as Standard
Contractual Clauses (SCCs) or Binding Corporate
Rules (BCRs). 

In 2020, Max Schrems further reshaped the data
transfer landscape. The Schrems II case specifically
targeted the EU-US Privacy Shield, a framework
established after the invalidation of Safe Harbor. In
July 2020, the CJEU ruled that the Privacy Shield
was inadequate due to US surveillance laws. 

The
court also raised concerns about SCCs, though they
were not invalidated. This decision emphasized the
necessity for organizations to conduct thorough
assessments of data protection laws and legal
frameworks in recipient countries and adopt
supplementary measures if needed.