If you subscribe to any legal news sites or industry specific newsletters, you may have noticed that, in the last week or so, the blogosphere has been consumed by Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II).
But before we discuss Schrems II, let’s first step back to 2016 and the Schrems I decision.
Reviewing Schrems I
In Schrems I, the court examined how Facebook exported personal data of European citizens in light of the EC Directive 95/46.
Relevant here is the fact that, in addition to regulating the transmission of personal data to the US, for many European countries, EC Directive 95/46 served as a chief blocking statute. (Recall that a blocking statute is a device used to impede the transfer of personal data of European citizens to US courts.)
From 1995 to 2016, much of the personal data transferred from the EU to the US was done pursuant to a “safe harbor” created by the Directive 95/46. Schrems I invalided that safe harbor.
The EU responded quickly to Schrems I and enacted Directive 2016/679 to repeal Directive 95/46. Rather than creating a safe harbor for transferring personal data, Directive 2016/679 created a “privacy shield.”
The Privacy Shield Framework & Schrems II
Since its inception, approximately 5,400 companies signed on to the Privacy Shield Framework through the self-certification mechanism established and operated by the US Department of Commerce.
The Privacy Shield Framework was designed to protect the personal data of European subjects transferred outside the EU. This often includes transfers to processors in the US engaging in a broad range of activities including outsourcing, payroll, and cloud services.
Schrems II invalidated the Privacy Shield, leaving data buyers and sellers in limbo — and in need of quickly renegotiated data exchange contracts.
Impact on Evidence Taking
Since Directive 2016/679 has now accordingly become the chief blocking statute for many European countries, a natural question to ask is how does Schrems II impact the ability to take evidence from European witnesses and parties?
The answer is not much.
First, Directive 2016/679 protections only apply to “natural persons” and not corporations. Second, and more importantly, Directive 2016/679 does not comply “when courts are acting in the judicial capacity.”
How LLS Can Help
Legal Language has the practical information and experience necessary to help you ascertain the procedure, cost, time-frame, and any potential setbacks in obtaining evidence located abroad.
Contact us for a free consultation, and let us help you help your client.
Call 1-800-788-0450 or fill out our free quote form.
 CJEU #c-311/18; http://curia.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=10385741 .
 This is also known as the “General Data Protection Regulation” of “GDPR.”
 David Jennings and Steven Cosentino: EU Suspends the Privacy Shield- Where do we go from here? Stinson 17 July 2020.
 Directive 2016/679 at ¶¶ 1-2.
 Id. at ¶20.