Schrems II
The 2020 CJEU ruling (Case C-311/18) invalidating the EU-US Privacy Shield and tightening Standard Contractual Clauses requirements for international data transfers.
What Schrems II means
Schrems II refers to the Court of Justice of the European Union ruling in Data Protection Commissioner v. Facebook Ireland and Maximilian Schrems (Case C-311/18, July 2020), which invalidated the EU-US Privacy Shield framework and significantly raised the bar for relying on Standard Contractual Clauses (SCCs) for international personal data transfers. Following the ruling, EU data exporters must conduct Transfer Impact Assessments (TIAs) for transfers to third countries, evaluating local surveillance laws and supplementary safeguards. The successor framework — the EU-US Data Privacy Framework (DPF) — was adopted in July 2023 and is currently the primary mechanism for compliant US-bound transfers. Schrems II also indirectly elevated the importance of EU data residency for European customers.