By: Monika Zalnieriute
PDF: Data Transfers after Schrems II
In the long-awaited Schrems II decision, the Court of Justice of the European Union (CJEU) took a radical, although not an unexpected, step in invalidating the Privacy Shield Agreement, which facilitated data transfers between the European Union and the United States. Schrems II illuminates long-lasting international disagreements between the EU and the United States over data protection, national security, and the fundamental differences between the public and private approaches to the protection of human rights in the data-driven economy and modern state. This Article approaches the decision via an interdisciplinary lens of international law and international relations and situates it in a broader historical context. In particular, I rely on the historical institutionalist approach, which emphasizes the importance of time and timing (also called sequencing) as well as institutional preferences of different actors to demonstrate that the Schrems II decision further solidifies and cements CJEU’s principled approach to data protection, rejecting data securitization and surveillance in the post-Snowden era. Schrems II aims to rebalance the terms of international cooperation in data sharing across the Atlantic and beyond. It is the outcome that US tech companies and the government feared. Yet, they are not the only actors displeased with the decision. An institutionalist emphasis illuminates that the EU is not a monolithic block, and that the Schrems II outcome is also contrary to the strategy and preferences of the EU Commission. The invalidation of the Privacy Shield will now (again) require either a reorientation of EU policy and priorities or an accommodation of the institutional preferences of its powerful political ally––the United States. The CJEU decision runs counter to the European Data Strategy and places a $7.1 trillion transatlantic economic relationship at risk. Historical institutional analysis suggests that structural changes in the US legal system to address the inadequacies in the Schrems II judgment are unlikely. Therefore, the EU Commission will act quickly to create a solution––another quick, contractual “fix”––to accommodate US exceptionalism and gloss over the decades of disagreement between the EU and United States over data protection, national security, and privacy. When two powerful actors are unwilling to change their institutional preferences, “contracting out” the protection of human rights in international law is the most convenient option.