By: Tom On: July 21, 2020 In: Evidence Taking Comments: 2
Spread the love

If you subscribe to any legal news sites or industry specific newsletters, you may have noticed that, in the last week or so, the blogosphere has been consumed by Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II).[1]

But before we discuss Schrems II, let’s first step back to 2016 and the Schrems I decision.

Reviewing Schrems I

In Schrems I, the court examined how Facebook exported personal data of European citizens in light of the EC Directive 95/46.[2]

Relevant here is the fact that, in addition to regulating the transmission of personal data to the US, for many European countries, EC Directive 95/46 served as a chief blocking statute. (Recall that a blocking statute is a device used to impede the transfer of personal data of European citizens to US courts.)

From 1995 to 2016, much of the personal data transferred from the EU to the US was done pursuant to a “safe harbor” created by the Directive 95/46.  Schrems I invalided that safe harbor.

The EU responded quickly to Schrems I and enacted Directive 2016/679 to repeal Directive 95/46. Rather than creating a safe harbor for transferring personal data, Directive 2016/679 created a “privacy shield.”

The Privacy Shield Framework & Schrems II

Since its inception, approximately 5,400 companies signed on to the Privacy Shield Framework through the self-certification mechanism established and operated by the US Department of Commerce.

The Privacy Shield Framework was designed to protect the personal data of European subjects transferred outside the EU. This often includes transfers to processors in the US engaging in a broad range of activities including outsourcing, payroll, and cloud services.[3]

Schrems II invalidated the Privacy Shield, leaving data buyers and sellers in limbo — and in need of quickly renegotiated data exchange contracts.

Impact on Evidence Taking

Since Directive 2016/679 has now accordingly become the chief blocking statute for many European countries, a natural question to ask is how does Schrems II impact the ability to take evidence from European witnesses and parties?

The answer is not much.

First, Directive 2016/679 protections only apply to “natural persons” and not corporations.[4] Second, and more importantly, Directive 2016/679 does not comply “when courts are acting in the judicial capacity.”[5]

How LLS Can Help

Legal Language has the practical information and experience necessary to help you ascertain the procedure, cost, time-frame, and any potential setbacks in obtaining evidence located abroad.

Contact us for a free consultation, and let us help you help your client.

Call 1-800-755-5775 or  fill out our free quote form.

[1] CJEU #c-311/18; .
[2] This is also known as the “General Data Protection Regulation” of “GDPR.”
[3] David Jennings and Steven Cosentino: EU Suspends the Privacy Shield- Where do we go from here? Stinson 17 July 2020.
[4] Directive 2016/679 at ¶¶ 1-2.
[5] Id. at ¶20.

Spread the love
0 0 votes
Article Rating
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
E. Ocasio
1 year ago

It is scary how some companies handle information from a human being.Then again, young people seem to not get bother by the way the companies absorb their information in minutes.I think it is a matter of generations. What seems to be ok for young people seem to be a red alert for old people. In the other hand , in Europe ,they seem to be not so eagger to let companies get their information without their consent.

1 year ago
Reply to  E. Ocasio

You’re right, studies do show that there is a difference in the way generations view the sharing of personal information. That said, these views, regardless of generation, are subject to societal changes as surveillance technology evolves and surveillance abuses multiply.

The European community has, as a whole, promulgated higher levels of protection particularly concerning the collection, sharing and use of personal information and user data. Meanwhile, the only comparable privacy law in the US is the HIPAA Privacy Law which applies to medical providers and their business associates.