The Impact of the Sentence C-362/14 in the Case Maximillian Schrems Against Data Protection Commissioner Over the Personal Data Transfer from the European Union to the United States of America
Languages of publication
Personal data transferring from the EU member states to third countries, i.e. such ones which are located outside the European Economic Area, is subject to separate provisions set forth in the provisions of the Directive on the protection of physical persons with regards to personal data processing and the free flow of such data as well as the act on personal data protection. A possibility to transfer the personal data to third countries occurs only on condition that an adequate degree of protection with regards to such data is provided. This means that protective measures applied within a given state at least equal those applied within the European Union. Legal norms binding in the United States do not guarantee the proper level of protection with regards to personal data. Applied sector regulations, introducing mostly the bans from personal data processing, give more freedom to the data administrators as far as personal data processing is concerned compared to the countries located within the European Economic Area. The year 2000 brought the introduction of the „safe harbour” programme which was supposed to ameliorate the transfer of personal data to the USA. The entities that joined the programme were qualified as the ones providing the proper level of personal data protection. Hence, such data could have been transferred to the servers located in the USA. Legality of personal data transferring to the USA has been questioned by Maximilian Schrems. Schrems addressed the Irish data protection authority. The dispute regarding the case was settled by the EU Tribunal of Justice. The objective of my research is to analyse the sentence C-362/14 passed in the case Maximilian Schrems against Data Protection Commissioner and the consequences of the said sentence over the possibilities to transfer the personal data to third countries and its potential impact on the final shape of the data protection enactment.
-  M. Hansen, O. Shah, The New EU Technology Transfer Regime – Out of the Straightjacket into the Safe Harbour?, European Competition Law Review 25(8) (2004) 465-469.
-  B. Debatin, J. P. Lovejoy, A-K. Horn M.A., B. N. Hughes, Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences, Journal of Computer-Mediated Communication, 15(1) (2009) 83-108.
-  G. Shaffer, Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting up of U.S. Data Privacy Standards, Yale Journal of International Law 25 (2000) 1-88.
-  B. Lau, S. Chung, C. Song, Y. Jang, W. Lee, and A. Boldyreva. Mimesis aegis: A mimicry privacy shield–a system’s approach to data privacy on public cloud, 23rd USENIX Security Symposium, San Diego, CA, USA, 2014, 33-48.
-  B. Samueli, A. Blecher-Prigat, Privacy for Children, Columbia Human Rights Law Review, 42(3) (2011) 759-795.
-  M. Lokke, Binding Corporate Rules: Corporate Self-Regulation of Global Data Transfers (2012) 10-45.
-  P. Carey, Data Protection: A Practical Guide to UK and EU Law (2015) 1-16.
-  See, for instance, M. Sakowska-Baryła, Prawo do ochrony danych osobowych (2015) 64-81.
-  See, for instance, M. Krzysztofek, Ochrona danych osobowych w Unii Europejskiej (2014) 53-89.
Publication order reference