EU law meets state communications surveillance – what consequences for UK data protection adequacy?

Written By

graham smith module
Graham Smith

Of Counsel
UK

Insightful advice from one of the UK's leading internet and IT lawyers.

In July 2020 the CJEU Schrems II judgment invalidated the EU-US Privacy Shield under the provisions of EU data protection law governing transfers of data to third countries.

The CJEU decided that, in the light of US state communications surveillance powers, the Privacy Shield arrangements did not adequately protect EU personal data. Now, hard on the heels of Schrems II, have come the 6 October 2020 CJEU judgments in C-623/17 Privacy International and C-511-512/18 La Quadrature du Net (the latter joined with C-520/18 Ordre des barreax francophones et Germanophone). These new judgments address compliance with EU law of various UK, French and Belgian communications data retention and surveillance powers.

View the full article on digitalbusiness.law >

Latest insights

More Insights
featured image

Employment Litigation in Singapore: Employees Can Double-Strike with Employment Claims Tribunal Win Followed by High Court Claim

4 minutes Jul 11 2025

Read More
featured image

Singapore Issues Advisory to Stop Use of NRIC Numbers for Authentication

3 minutes Jul 11 2025

Read More
Curiosity line pink background

China’s Personal Information Protection Audit - When Is It Required and How to Conduct It?

Jul 10 2025

Read More