Schrems v Data Protection Commissioner

Through the judgment dated October 6, 2015, the Court of Justice of the European Union (hereinafter: CJEU) invalidated the Commission Decision 2000/520 / EC of July 26, 2000 (hereinafter: Decision), and consequently voided the U.S.-EU Safe Harbor Framework of its significance as a guarantee of an adequate level of personal data protection.

Permit me to recall to your memory that the Safe Harbor Framework was once developed by the European Commission and the US Department of Commerce as a practical means to overcome the differences in the approach to protection of personal data between the European Union and the United States. The high standards set by Directive 95/46 / EC of the European Parliament and of the Council of 24 October 1995 (hereinafter: Directive) determined the classification of the United States as a third country which does not ensure on its territory an adequate level of protection of personal data – to use the terminology employed in the Polish national legislation implementing the Directive (namely, the Act of August 29, 1997 on the protection of personal data; hereinafter: Act). Such a classification generally excludes the possibility of transferring data to the United States. But then, what are the exceptions for?

Read more