← Back to all briefings
Data Strategy 6 min read Published Updated Credibility 40/100

Schrems II invalidates EU–US Privacy Shield

The CJEU’s Schrems II ruling on 16 July 2020 struck down the EU–US Privacy Shield and tightened scrutiny on Standard Contractual Clauses, forcing companies to add transfer assessments and supplementary safeguards for cross-border data flows.

Kodi C.

Editor & Research Lead

Accuracy-reviewed by the editorial team

Data strategy pillar illustration for Zeph Tech briefings
Data strategy, stewardship, and privacy briefings

The Court of Justice of the European Union (CJEU) issued the Schrems II judgment on 16 July 2020, invalidating the EU–US Privacy Shield adequacy framework and affirming Standard Contractual Clauses (SCCs) with stricter obligations. The ruling was immediate, forcing teams that relied on Privacy Shield to pivot to SCCs or alternative transfer mechanisms while documenting surveillance risks and supplementary safeguards. Schrems II also helped supervisory authorities to suspend transfers that cannot achieve an essentially equivalent level of protection.

Priority actions

  • Assessment requirement: Evaluate current practices against the updated requirements outlined in this analysis.
  • Documentation update: Review and update relevant policies, procedures, and technical documentation.
  • Stakeholder communication: Brief affected teams on timeline implications and resource requirements.
  • Compliance verification: Schedule internal review to confirm alignment with guidance.

Similar analysis

Additional analysis covering similar themes.

Continue in the Data Strategy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Data Strategy Operating Model Guide

    Design a data strategy operating model that satisfies the EU Data Act, EU Data Governance Act, U.S. Evidence Act, and Singapore Digital Government policies with measurable…

  • Data Interoperability Engineering Guide

    Engineer interoperable data exchanges that satisfy the EU Data Act, Data Governance Act, European Interoperability Framework, and ISO/IEC 19941 portability requirements.

  • Data Stewardship Operating Model Guide

    Establish accountable data stewardship programmes that meet U.S. Evidence Act mandates, Canada’s Directive on Service and Digital, and OECD data governance principles while…

Coverage intelligence

Published
Coverage pillar
Data Strategy
Source credibility
40/100 — low confidence
Topics
Cross-Border Transfers · EU · United States · Standard Contractual Clauses · Privacy
Sources cited
3 sources (curia.europa.eu, edpb.europa.eu, iso.org)
Reading time
6 min

Further reading

  1. CJEU Judgment — Case C-311/18 (Schrems II)
  2. EDPB Recommendations on supplementary measures (Version 1.0)
  3. ISO 8000-2:2022 — Data Quality Management — International Organization for Standardization
  • Cross-Border Transfers
  • EU
  • United States
  • Standard Contractual Clauses
  • Privacy
Back to curated briefings

Comments

Community

We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.

    Share your perspective

    Submissions showing "Awaiting moderation" are in review. Spam, low-effort posts, or unverifiable claims will be rejected. We verify submissions with the email you provide, and we never publish or sell that address.

    Verification

    Complete the CAPTCHA to submit.