On 6 October 2015 the Court of Justice of the European Union (CJEU) handed down a landmark ruling in Maximillian Schrems v. Irish Data Protection Commission, which declared Safe Harbor, a mechanism which pre-approved the transfer of personal data from the EU to the US, invalid. In the months that followed stakeholders in the EU and US conducted legally complex and politically sensitive discussions which have led to the newly formulated draft EU–US Privacy Shield. This article will consider the fallout from the Schrems decision and the proposed application of the resulting Privacy Shield.
Business Law Review