Skip to content

Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems: AG Discusses the Validity of Standard Contractual Clauses and Raises Concerns Over Privacy Shield (C-311/18 Schrems II, Opinion of AG Saugmandsgaard Øe)

Stefano Fantin


Keywords: standard contractual clauses, EU-US Privacy Shield, national security, Schrems

Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems, Opinion of the Advocate General Henrik Saugmandsgaard Øe of the Court of Justice of the European Union of 19 December 2019
The fact that personal data transferred for commercial purposes to the US under standard contractual clauses may later be accessed by US security services does not render the whole legal framework invalid per se. Under such schemes, a case-by-case approach is to be adopted, whereby appropriate data protection safeguards are expected to be monitored ex-ante by data controllers and ex-post by national data protection authorities. Conversely, transfers carried out under the Privacy Shield unveil questions on the effectiveness of the scheme to offset deficiencies of the US framework regulating foreign intelligence activities, with respect to the protection of European citizens’ fundamental rights.
Articles 2(2), 45, 46 and 58(2) of the General Data Protection Regulation
Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council OJ L 39
Articles 7, 8 and 47 of the Charter of Fundamental Rights of the European Union OJ C 326

Stefano Fantin, Doctoral Researcher at the Center for IT and IP Law (KU Leuven University, Belgium), Affiliated Researcher at the Center for European Policy Studies (CEPS) - Cybersecurity Initiative, Belgium. For correspondence: <>


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation