EU law meets state communications surveillance – what consequences for UK data protection adequacy?
Written By
In July 2020 the CJEU Schrems II judgment invalidated the EU-US Privacy Shield under the provisions of EU data protection law governing transfers of data to third countries.
The CJEU decided that, in the light of US state communications surveillance powers, the Privacy Shield arrangements did not adequately protect EU personal data. Now, hard on the heels of Schrems II, have come the 6 October 2020 CJEU judgments in C-623/17 Privacy International and C-511-512/18 La Quadrature du Net (the latter joined with C-520/18 Ordre des barreax francophones et Germanophone). These new judgments address compliance with EU law of various UK, French and Belgian communications data retention and surveillance powers.