Search

How can we help?

Icon

Breaking News – Standard Contractual Clauses and Privacy Shield – latest developments with Facebook case

Advocate General, Henrik Saugmandsgaard Øe of the Court of Justice of the European Union (CJEU) has just handed down his opinion in response to a referral by the High Court of Ireland for preliminary rulings of law. The High Court case in question related to complaints made by Max Schrems against Facebook Ireland and Facebook Inc concerning the transfer of Mr Schrems’ personal data to the United States (U.S).

The Advocate General’s (AG’s) Opinion will be used in deliberations by the Court and whilst not binding, is persuasive and gives a good indication of what the CJEU may eventually rule.

The referral by the Irish High Court was in response to a request by Irish Data Protection Commissioner (DPC) for the court to provide a ruling so that it may adjudicate Mr Schrems’ complaints.

Mr Schrems had argued that transfers of personal data from Facebook Ireland to its parent company, Facebook Inc in the U.S failed to ensure an adequate level of protection of the data transferred in accordance with the General Data Protection Regulation (GDPR) and its predecessor and requested the Irish DPC to suspend transfers to the U.S entity. This was on the basis that certain U.S surveillance laws and measures used by U.S government authorities, including the National Security Agency allowed the U.S government to intercept and collect content transmitted from Facebook Ireland by methods including access via underwater cables on the floor of the Atlantic Ocean.

Mr Schrems had complained to the Irish Data Protection Commission that by these laws, Facebook Inc would be required to make personal data of its users available to the U.S authorities and would infringe on his rights to privacy. Mr Schrems requested the Irish DPC to suspend such transfers. Mr Schrems had called into question the effectiveness of the legal basis on which Facebook relied to make the transfers, namely standard contractual clauses (SCCs) approved by the European Commission and also the validity of the “privacy shield” adequacy decision. The Privacy Shield is a program approved by the European Commission allowing private U.S organisations to obtain certification designed to afford a level of protection to individuals transferring their personal data to such organisations. A transfer of personal data to an organisation registered with Privacy Shield is currently one method to lawfully transfer personal data to the U.S.

The Advocate General’s (AG’s) Opinion will be used in deliberations by the Court and whilst not binding, is persuasive and gives a good indication of what the CJEU may eventually rule.

In summary, the AG considered that notwithstanding the submissions put forward by the parties and a number of interveners, the validity of the SCCs should remain unaffected. This is because whilst the laws in the place of receipt may be found to be inadequate, the SCC provisions themselves are “compensation” for the lack of such adequacy. However, if the laws of the place of receipt prevents the recipient from complying with the SCCs (such as the surveillance laws in question) then it is up to the exporter of data to either suspend the transfers or terminate the SCCs. If the exporter chooses not to suspend the transfers or terminate the SCCs, it must notify the relevant supervisory authority (in the UK, this is the Information Commissioner’s Office) and that authority then has the power to itself suspend those transfers.

The AG declined to provide a formal opinion on 6 out of the 11 questions concerning the validity of the Privacy Shield protections and counselled the CJEU not to consider these questions in light of the particular facts of the case.

Notwithstanding this, the AG expressed a number of doubts concerning the level of protection afforded by Privacy Shield and these concerns will no doubt be noted by the CJEU.

A decision of the CJEU should be forthcoming in 2020.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

About this article

Read, listen and watch our latest insights

art
  • 16 July 2026
  • Corporate and M&A

EMIs – The basics

Discover the essentials of Enterprise Management Incentives (EMIs), an HMRC-approved employee share scheme offering tax advantages. Learn how EMIs incentivise staff, eligibility requirements, and how Clarkslegal can help tailor a scheme for you.

Pub
  • 15 July 2026
  • Litigation and dispute resolution

ICC Arbitration Rules 2026 overhaul: The end of Terms of Reference and future trends – Episode 3

In this final episode, Jack Hobbs (Clarkslegal) and Christopher Howitt (Three Stone) discuss the impact of the ICC Arbitration Rules 2026 overhaul, focusing on the end of Terms of Reference. Hear expert insights and practical tips for adapting to the new rules.

art
  • 15 July 2026
  • Employment

New guidance on interim relief: More applications, same high threshold

In certain limited unfair dismissal claims (such as those for automatic unfair dismissal relating to a protected disclosure) claimants can apply for interim relief. This is an emergency measure which essentially prevents a dismissal from taking effect until the claim has been heard.

Pub
  • 09 July 2026
  • Litigation and dispute resolution

The Arbitration Act 2025 – Factsheet

This factsheet outlines the major reforms and key developments introduced by the Arbitration Act 2025, including updates on summary disposal, jurisdictional challenges, emergency arbitrators, arbitrator disclosure duties, and governing law in arbitration proceedings.

art
  • 09 July 2026
  • Immigration

Right to Work Checks are changing from 1 October 2026: Is your business ready?

The Home Office’s new rules, effective 1 October 2026, will overhaul right to work checks and raise the risk of civil penalties for UK businesses.

art
  • 08 July 2026
  • Privacy and Data Protection

ICO prosecutes employee under the Data Protection Act for forwarding client data to his personal email address

The issue of employees taking confidential business information or personal data when moving to a new employer remains a significant concern for businesses.