BEGIN ARTICLE PREVIEW:
On 6 October 2020, the Court of Justice of the European Union (CJEU) published two decisions that further define the permitted scope of governmental access to personal data.
These decisions are relevant in two key areas:
Complying with the Schrems II judgement: The judgment provides some guidance on how organisations should undertake the “case-by-case assessments” of third countries to which they are transferring personal data using the European Commission approved Standard Contractual Clauses (SCCs); and
Brexit: The judgement also gives some clues as to the standard to which the UK will be held as it seeks an EU Commission adequacy finding for its data protection regime when the Brexit transition period ends on 31 December 2020.
The case of Privacy International v Secretary of State for Foreign and Commonwealth Affairs, the Secretary for State for the Home Department and the UK security and intelligence agencies (SIAs) (Case C-623/17) concerns the conditions under which SIAs may process communications metadata (i.e. traffic and location data, not message content) collected by telecommunications providers. The CJEU heard this case jointly with two other related cases – the joined cases C-511/18 and C-512/18 (La Quadrature du Net and Others) from France, and case C-520/18 (Ordre des barreaux francophones et …
END ARTICLE PREVIEW